Ifihan si apakan nẹtiwọki ti awọn amayederun awọsanma

Iṣiro awọsanma n wọ inu jinle ati jinle sinu awọn igbesi aye wa ati pe boya ko si eniyan kan ti ko lo awọn iṣẹ awọsanma eyikeyi o kere ju lẹẹkan. Sibẹsibẹ, kini gangan awọsanma ati bi o ṣe n ṣiṣẹ, diẹ eniyan mọ, paapaa ni ipele ti ero kan. 5G ti di otitọ tẹlẹ ati pe awọn amayederun telecom ti bẹrẹ lati gbe lati awọn ojutu ọwọn si awọn ojutu awọsanma, gẹgẹ bi o ti ṣe nigbati o gbe lati awọn solusan ohun elo patapata si “awọn ọwọn” ti o ni agbara.

Loni a yoo sọrọ nipa aye ti inu ti awọn amayederun awọsanma, ni pato a yoo wo awọn ipilẹ ti apakan nẹtiwọki.

Kini awọsanma? Iṣaju-ara kanna - wiwo profaili?

Diẹ ẹ sii ju a mogbonwa ibeere. Rara - eyi kii ṣe agbara agbara, botilẹjẹpe ko le ṣee ṣe laisi rẹ. Jẹ ki a wo awọn itumọ meji:

Iṣiro awọsanma (lẹhin ti a tọka si bi Awọsanma) jẹ apẹrẹ fun ipese ore-olumulo si awọn orisun iširo pinpin ti o gbọdọ gbe lọ ati ṣe ifilọlẹ lori ibeere pẹlu lairi ti o kere julọ ati idiyele to kere si olupese iṣẹ.

Fojuinu Eyi ni agbara lati pin nkan ti ara kan (fun apẹẹrẹ, olupin) si ọpọlọpọ awọn foju foju, nitorinaa jijẹ lilo awọn orisun (fun apẹẹrẹ, o ni awọn olupin 3 ti kojọpọ ni 25-30 ogorun, lẹhin agbara agbara o gba olupin 1 ti kojọpọ. ni 80-90 ogorun). Nipa ti, agbara ipa jẹ diẹ ninu awọn orisun - o nilo lati ifunni hypervisor, sibẹsibẹ, bi iṣe ti fihan, ere naa tọsi abẹla naa. Apeere ti o dara julọ ti agbara agbara jẹ VMWare, eyiti o mura awọn ẹrọ foju ni pipe, tabi fun apẹẹrẹ KVM, eyiti Mo fẹ, ṣugbọn eyi jẹ ọrọ itọwo.

A lo agbara agbara laisi mimọ, ati paapaa awọn onimọ ipa-ọna irin ti lo agbara agbara tẹlẹ - fun apẹẹrẹ, ninu ẹya tuntun ti JunOS, ẹrọ ṣiṣe ti fi sori ẹrọ bi ẹrọ foju lori oke pinpin Linux gidi-akoko (Wind River 9). Ṣugbọn agbara agbara kii ṣe awọsanma, ṣugbọn awọsanma ko le wa laisi ipalọlọ.

Imudaniloju jẹ ọkan ninu awọn bulọọki ile lori eyiti a ti kọ awọsanma naa.

Ṣiṣe awọsanma nipa gbigba ọpọlọpọ awọn hypervisors nirọrun sinu agbegbe L2 kan, ṣafikun tọkọtaya kan ti awọn iwe-iṣere yaml fun iforukọsilẹ awọn vlans laifọwọyi nipasẹ iru ohun ti o ṣeeṣe ati mimu nkan bii eto orchestration sori gbogbo rẹ fun ṣiṣẹda awọn ẹrọ foju laifọwọyi kii yoo ṣiṣẹ. Yoo jẹ deede diẹ sii, ṣugbọn abajade Frankenstein kii ṣe awọsanma ti a nilo, botilẹjẹpe o le jẹ ala ti o ga julọ fun awọn miiran. Pẹlupẹlu, ti o ba mu Openstack kanna, o jẹ pataki si tun Frankenstein, ṣugbọn oh daradara, jẹ ki a ma sọrọ nipa iyẹn fun bayi.

Ṣugbọn Mo loye pe lati asọye ti a gbekalẹ loke ko ṣe kedere ohun ti a le pe ni awọsanma gangan.

Nitorinaa, iwe kan lati NIST (Ile-iṣẹ ti Orilẹ-ede ti Awọn ajohunše ati Imọ-ẹrọ) pese awọn abuda akọkọ 5 ti awọn amayederun awọsanma yẹ ki o ni:

Pese iṣẹ lori ìbéèrè. Olumulo naa gbọdọ ni iraye si ọfẹ si awọn orisun kọnputa ti a pin fun u (gẹgẹbi awọn nẹtiwọọki, awọn disiki foju, iranti, awọn ohun elo ero isise, ati bẹbẹ lọ), ati pe awọn orisun wọnyi gbọdọ wa ni ipese laifọwọyi - iyẹn ni, laisi ilowosi lati ọdọ olupese iṣẹ.

Wiwa iṣẹ jakejado. Wiwọle si awọn orisun gbọdọ jẹ ipese nipasẹ awọn ọna ṣiṣe boṣewa lati gba lilo awọn PC boṣewa mejeeji ati awọn alabara tinrin ati awọn ẹrọ alagbeka.

Apapọ oro sinu adagun. Awọn adagun omi orisun gbọdọ ni anfani lati pese awọn orisun si awọn alabara lọpọlọpọ ni akoko kanna, ni idaniloju pe awọn alabara wa ni ipinya ati ni ominira ti ipa-ẹgbẹ ati idije fun awọn orisun. Awọn nẹtiwọọki tun wa ninu awọn adagun-odo, eyiti o tọka si iṣeeṣe ti lilo awọn adirẹsi agbekọja. Awọn adagun omi gbọdọ ni anfani lati ṣe iwọn lori ibeere. Lilo awọn adagun-odo jẹ ki o ṣee ṣe lati pese ipele pataki ti ifarada ẹbi orisun ati abstraction ti ti ara ati awọn orisun foju - olugba ti iṣẹ naa ni a pese ni irọrun pẹlu ṣeto awọn orisun ti o beere (nibiti awọn orisun wọnyi wa ni ti ara, lori melo ni awọn olupin ati awọn iyipada - ko ṣe pataki si alabara). Sibẹsibẹ, a gbọdọ ṣe akiyesi otitọ pe olupese gbọdọ rii daju ifiṣura sihin ti awọn orisun wọnyi.

Awọn ọna aṣamubadọgba si yatọ si awọn ipo. Awọn iṣẹ gbọdọ wa ni rọ - ipese awọn orisun ni iyara, atunkọ wọn, fifi kun tabi idinku awọn orisun ni ibeere alabara, ati ni apakan alabara yẹ ki o ni rilara pe awọn orisun awọsanma ko ni ailopin. Fun irọrun ti oye, fun apẹẹrẹ, iwọ ko rii ikilọ pe apakan ti aaye disk rẹ ni Apple iCloud ti parẹ nitori dirafu lile lori olupin naa ti bajẹ, ati awọn awakọ n fọ. Ni afikun, ni apakan tirẹ, awọn aye ti iṣẹ yii fẹrẹ jẹ ailopin - o nilo TB 2 - ko si iṣoro, o sanwo ati gba. Iru apẹẹrẹ le ṣee fun pẹlu Google.Drive tabi Yandex.Disk.

O ṣeeṣe ti wiwọn iṣẹ ti a pese. Awọn ọna ṣiṣe awọsanma gbọdọ ṣakoso laifọwọyi ati mu awọn orisun jijẹ dara si, ati pe awọn ilana wọnyi gbọdọ jẹ sihin si olumulo mejeeji ati olupese iṣẹ. Iyẹn ni, o le nigbagbogbo ṣayẹwo iye awọn orisun ti iwọ ati awọn alabara rẹ n gba.

O tọ lati ṣe akiyesi otitọ pe awọn ibeere wọnyi jẹ awọn ibeere pupọ julọ fun awọsanma ti gbogbo eniyan, nitorinaa fun awọsanma ikọkọ (ti o jẹ, awọsanma ti a ṣe ifilọlẹ fun awọn aini inu ile), awọn ibeere wọnyi le ṣe atunṣe diẹ. Sibẹsibẹ, wọn tun ni lati ṣe, bibẹẹkọ a kii yoo gba gbogbo awọn anfani ti iširo awọsanma.

Kini idi ti a nilo awọsanma?

Sibẹsibẹ, eyikeyi titun tabi imọ-ẹrọ ti o wa tẹlẹ, eyikeyi ilana tuntun ti ṣẹda fun ohunkan (daradara, ayafi fun RIP-ng, dajudaju). Ko si ẹnikan ti o nilo ilana kan nitori ilana kan (daradara, ayafi fun RIP-ng, dajudaju). O jẹ ọgbọn pe A ṣẹda awọsanma lati pese iru iṣẹ kan si olumulo/alabara. Gbogbo wa ni imọran pẹlu o kere ju awọn iṣẹ awọsanma meji, fun apẹẹrẹ Dropbox tabi Google.Docs, ati pe Mo gbagbọ pe ọpọlọpọ eniyan lo wọn ni aṣeyọri - fun apẹẹrẹ, a kọ nkan yii nipa lilo iṣẹ awọsanma Google.Docs. Ṣugbọn awọn iṣẹ awọsanma ti a mọ jẹ apakan nikan ti awọn agbara ti awọsanma-diẹ sii ni pato, wọn jẹ iṣẹ-iru SaaS nikan. A le pese iṣẹ awọsanma ni awọn ọna mẹta: ni irisi SaaS, PaaS tabi IaaS. Iṣẹ wo ni o nilo da lori awọn ifẹ ati awọn agbara rẹ.

Jẹ ki a wo ọkọọkan ni lẹsẹsẹ:

Software bi Iṣẹ (SaaS) jẹ apẹrẹ fun ipese iṣẹ ni kikun si alabara, fun apẹẹrẹ, iṣẹ imeeli bi Yandex.Mail tabi Gmail. Ninu awoṣe ifijiṣẹ iṣẹ yii, iwọ, bi alabara, ko ṣe nkankan ayafi lilo awọn iṣẹ naa - iyẹn ni, iwọ ko nilo lati ronu nipa iṣeto iṣẹ naa, ifarada ẹbi tabi apọju. Ohun akọkọ kii ṣe lati ba ọrọ igbaniwọle rẹ jẹ; olupese iṣẹ yii yoo ṣe iyoku fun ọ. Lati oju wiwo ti olupese iṣẹ, o jẹ iduro ni kikun fun gbogbo iṣẹ naa - lati ohun elo olupin ati awọn ọna ṣiṣe olupin si ibi ipamọ data ati awọn eto sọfitiwia.

Syeed bi Iṣẹ kan (PaaS) - nigba lilo awoṣe yii, olupese iṣẹ pese onibara pẹlu iṣẹ-ṣiṣe fun iṣẹ naa, fun apẹẹrẹ, jẹ ki a mu olupin wẹẹbu kan. Olupese iṣẹ pese onibara pẹlu olupin foju (ni otitọ, ṣeto awọn orisun, gẹgẹbi Ramu / CPU / Ibi ipamọ / Awọn nẹtiwọki, ati bẹbẹ lọ), ati paapaa fi sori ẹrọ OS ati sọfitiwia pataki lori olupin yii, sibẹsibẹ, iṣeto ni ti gbogbo nkan wọnyi ni a ṣe nipasẹ alabara funrararẹ ati fun iṣẹ ṣiṣe ti alabara naa dahun. Olupese iṣẹ, bi ninu ọran ti tẹlẹ, jẹ iduro fun iṣẹ ti ohun elo ti ara, awọn hypervisors, ẹrọ foju funrararẹ, wiwa nẹtiwọọki rẹ, ati bẹbẹ lọ, ṣugbọn iṣẹ funrararẹ ko si ni agbegbe ti ojuse.

Amayederun bii Iṣẹ kan (IaaS) - ọna yii ti jẹ iyanilenu diẹ sii, ni otitọ, olupese iṣẹ n pese alabara pẹlu awọn amayederun apilẹṣẹ pipe - iyẹn ni, diẹ ninu ṣeto (adagun-odo) ti awọn orisun, gẹgẹbi awọn Cores CPU, Ramu, Awọn nẹtiwọki, bbl Ohun gbogbo miiran jẹ to to. alabara - kini alabara fẹ lati ṣe pẹlu awọn orisun wọnyi laarin adagun omi ti a pin (iye) - kii ṣe pataki paapaa fun olupese. Boya alabara fẹ lati ṣẹda vEPC tirẹ tabi paapaa ṣẹda oniṣẹ mini ati pese awọn iṣẹ ibaraẹnisọrọ - ko si ibeere - ṣe. Ni iru oju iṣẹlẹ yii, olupese iṣẹ jẹ iduro fun ipese awọn orisun, ifarada ẹbi wọn ati wiwa, bakanna bi OS ti o fun wọn laaye lati ṣajọpọ awọn orisun wọnyi ati jẹ ki wọn wa si alabara pẹlu agbara lati mu tabi dinku awọn orisun nigbakugba ni ìbéèrè ti awọn ose. Onibara tunto gbogbo awọn ẹrọ foju ati awọn tinsel miiran funrararẹ nipasẹ ọna abawọle ti ara ẹni ati console, pẹlu eto awọn nẹtiwọọki (ayafi fun awọn nẹtiwọọki ita).

Kini OpenStack?

Ni gbogbo awọn aṣayan mẹta, olupese iṣẹ nilo OS kan ti yoo jẹ ki ẹda ti awọn amayederun awọsanma. Ni otitọ, pẹlu SaaS, ipin diẹ sii ju ọkan lọ jẹ iduro fun gbogbo akopọ ti awọn imọ-ẹrọ - ipin kan wa ti o ni iduro fun awọn amayederun - iyẹn ni, o pese IaaS si pipin miiran, pipin yii pese SaaS si alabara. OpenStack jẹ ọkan ninu awọn ọna ṣiṣe awọsanma ti o fun ọ laaye lati gba opo awọn iyipada, awọn olupin ati awọn eto ibi ipamọ sinu adagun orisun kan, pin adagun-odo ti o wọpọ si awọn adagun-omi kekere (awọn ayalegbe) ati pese awọn orisun wọnyi si awọn alabara lori nẹtiwọọki naa.

OpenStack jẹ ẹrọ ṣiṣe awọsanma ti o fun ọ laaye lati ṣakoso awọn adagun nla ti awọn orisun iširo, ibi ipamọ data ati awọn orisun nẹtiwọọki, ti pese ati iṣakoso nipasẹ API nipa lilo awọn ilana ijẹrisi boṣewa.

Ni awọn ọrọ miiran, eyi jẹ eto awọn iṣẹ akanṣe sọfitiwia ọfẹ ti a ṣe apẹrẹ lati ṣẹda awọn iṣẹ awọsanma (mejeeji ti gbogbo eniyan ati ni ikọkọ) - iyẹn ni, ṣeto awọn irinṣẹ ti o gba ọ laaye lati ṣajọpọ olupin ati ẹrọ iyipada sinu adagun kan ti awọn orisun, ṣakoso awọn orisun wọnyi, pese ipele pataki ti ifarada ẹbi.

Ni akoko kikọ ohun elo yii, eto OpenStack dabi eyi:

Aworan ya lati openstack.org

Ọkọọkan awọn paati ti o wa pẹlu OpenStack ṣe iṣẹ kan pato. Faaji ti a pin kaakiri yii gba ọ laaye lati ṣafikun ninu ojutu ṣeto awọn paati iṣẹ ṣiṣe ti o nilo. Sibẹsibẹ, diẹ ninu awọn paati jẹ awọn paati gbongbo ati yiyọkuro wọn yoo yorisi pipe tabi ailagbara apakan ti ojutu lapapọ. Awọn paati wọnyi nigbagbogbo ni ipin bi:

• Dashboard - GUI orisun wẹẹbu fun iṣakoso awọn iṣẹ OpenStack
• Ipele jẹ iṣẹ idanimọ aarin ti o pese ijẹrisi ati iṣẹ ṣiṣe aṣẹ fun awọn iṣẹ miiran, bakanna bi ṣiṣakoso awọn ẹri olumulo ati awọn ipa wọn.
• Neutron - iṣẹ nẹtiwọọki kan ti o pese Asopọmọra laarin awọn atọkun ti ọpọlọpọ awọn iṣẹ OpenStack (pẹlu Asopọmọra laarin awọn VM ati iwọle si agbaye ita)
• Kokoro - pese iraye si ibi ipamọ dina fun awọn ẹrọ foju
• Nova - iṣakoso igbesi aye ti awọn ẹrọ foju
• Kokan - ibi ipamọ ti awọn aworan ẹrọ foju ati awọn snapshots
• Swift - pese wiwọle si ohun ipamọ
• Ceilometer - iṣẹ kan ti o pese agbara lati gba telemetry ati wiwọn ti o wa ati awọn orisun ti o jẹ
• ooru - orchestration da lori awọn awoṣe fun ẹda laifọwọyi ati ipese awọn orisun

Atokọ pipe ti gbogbo awọn iṣẹ akanṣe ati idi wọn ni a le wo nibi.

Apakan OpenStack kọọkan jẹ iṣẹ kan ti o ṣe iṣẹ kan pato ati pese API lati ṣakoso iṣẹ yẹn ati ibaraenisepo pẹlu awọn iṣẹ eto iṣẹ awọsanma miiran lati ṣẹda awọn amayederun iṣọkan. Fun apẹẹrẹ, Nova n pese iṣakoso awọn orisun iširo ati API fun iraye si atunto awọn orisun wọnyi, Glance n pese iṣakoso aworan ati API kan fun ṣiṣakoso wọn, Cinder pese ibi ipamọ Àkọsílẹ ati API fun ṣiṣakoso rẹ, ati bẹbẹ lọ. Gbogbo awọn iṣẹ ni asopọ ni ọna isunmọ pupọ.

Sibẹsibẹ, ti o ba wo, gbogbo awọn iṣẹ ti n ṣiṣẹ ni OpenStack jẹ iru ẹrọ foju kan (tabi eiyan) ti o sopọ si nẹtiwọọki naa. Ibeere naa waye - kilode ti a nilo awọn eroja pupọ?

Jẹ ki a lọ nipasẹ algorithm fun ṣiṣẹda ẹrọ foju kan ati so pọ si nẹtiwọọki ati ibi ipamọ itẹramọ ni Openstack.

1. Nigbati o ba ṣẹda ibeere lati ṣẹda ẹrọ kan, jẹ ibeere nipasẹ Horizon (Dashboard) tabi ibeere nipasẹ CLI, ohun akọkọ ti o ṣẹlẹ ni aṣẹ ti ibeere rẹ lori Keystone - ṣe o le ṣẹda ẹrọ kan, ṣe o ni awọn ẹtọ lati lo nẹtiwọọki yii, ṣe ipin yiyan rẹ, ati bẹbẹ lọ.
2. Keystone jẹri ibeere rẹ ati ṣe ipilẹṣẹ ami-ẹri auth ninu ifiranṣẹ esi, eyiti yoo ṣee lo siwaju sii. Lẹhin ti o ti gba esi lati Keystone, ibeere naa ni a firanṣẹ si Nova (nova api).
3. Nova-api ṣe ayẹwo iwulo ti ibeere rẹ nipa kikan si Keystone nipa lilo ami afọwọsi ti ipilẹṣẹ tẹlẹ
4. Keystone ṣe ijẹrisi ati pese alaye lori awọn igbanilaaye ati awọn ihamọ ti o da lori ami afọwọsi yii.
5. Nova-api ṣẹda titẹsi fun VM tuntun ni nova-database ati pe o kọja ibeere lati ṣẹda ẹrọ naa si oluṣeto nova.
6. Nova-scheduler yan awọn ogun (kọmputa ipade) lori eyi ti VM yoo wa ni ransogun da lori awọn pàtó kan sile, òṣuwọn ati awọn agbegbe. Igbasilẹ ti eyi ati ID VM ni a kọ si nova-database.
7. Nigbamii ti, nova-scheduler kan si nova-iṣiro pẹlu ibeere lati ran apẹẹrẹ kan lọ. Nova-compute awọn olubasọrọ nova-conductor lati gba alaye nipa awọn paramita ẹrọ (nova-conductor jẹ ẹya nova ti o ṣiṣẹ bi olupin aṣoju laarin nova-database ati nova-compute, ni opin nọmba awọn ibeere si aaye data nova-data lati yago fun awọn iṣoro pẹlu data data idinku fifuye aitasera).
8. Nova-adaorin gba alaye ti o beere lati nova-database ati ki o koja si nova-iṣiro.
9. Nigbamii, nova-iṣiro awọn ipe kokan lati gba ID aworan naa. Glace fọwọsi ibeere ni Keystone ati da alaye ti o beere pada.
10. Nova-iṣiro awọn olubasọrọ neutroni lati gba alaye nipa awọn paramita nẹtiwọki. Iru si kokan, neutroni fọwọsi ibeere ni Keystone, lẹhin eyi o ṣẹda titẹsi sinu ibi ipamọ data (idamo ibudo, bbl), ṣẹda ibeere kan lati ṣẹda ibudo kan, o si da alaye ti o beere pada si nova-iṣiro.
11. Nova-iṣiro awọn olubasọrọ cinder pẹlu ibeere kan lati pin iwọn didun kan si ẹrọ foju. Iru si iwo, cider ṣe ifọwọsi ibeere ni Keystone, ṣẹda ibeere ẹda iwọn didun, ati da alaye ti o beere pada.
12. Nova-iṣiro awọn olubasọrọ libvirt pẹlu kan ìbéèrè lati ran awọn foju ẹrọ pẹlu awọn pàtó kan sile.

Ni otitọ, iṣẹ ti o dabi ẹnipe o rọrun ti ṣiṣẹda ẹrọ foju ti o rọrun kan yipada si iru afẹfẹ ti awọn ipe API laarin awọn eroja ti Syeed awọsanma. Pẹlupẹlu, bi o ti le rii, paapaa awọn iṣẹ ti a yan tẹlẹ tun ni awọn paati kekere laarin eyiti ibaraenisepo waye. Ṣiṣẹda ẹrọ jẹ apakan kekere ti ohun ti Syeed awọsanma gba ọ laaye lati ṣe - iṣẹ kan wa ti o ni iduro fun iwọntunwọnsi ijabọ, iṣẹ kan ti o ni iduro fun ibi ipamọ bulọki, iṣẹ kan ti o ni iduro fun DNS, iṣẹ ti o ni iduro fun ipese awọn olupin irin igboro, bbl Awọsanma n gba ọ laaye lati tọju awọn ẹrọ foju rẹ bi agbo agutan (ni idakeji si agbara ipa). Ti ohunkan ba ṣẹlẹ si ẹrọ rẹ ni agbegbe foju - o mu pada lati awọn afẹyinti, ati bẹbẹ lọ, ṣugbọn awọn ohun elo awọsanma ti kọ ni ọna ti ẹrọ foju ko ṣe iru ipa pataki bẹ - ẹrọ foju “ku” - ko si iṣoro - tuntun kan ti ṣẹda ọkọ naa da lori awoṣe ati, bi wọn ṣe sọ, ẹgbẹ ko ṣe akiyesi isonu ti onija naa. Nipa ti, eyi pese fun wiwa awọn ọna ṣiṣe orchestration - lilo awọn awoṣe Ooru, o le ni rọọrun ran iṣẹ eka kan ti o ni awọn dosinni ti awọn nẹtiwọọki ati awọn ẹrọ foju.

O tọ lati tọju ni lokan pe ko si awọn amayederun awọsanma laisi nẹtiwọọki kan - ipin kọọkan ni ọna kan tabi omiiran ṣe ajọṣepọ pẹlu awọn eroja miiran nipasẹ nẹtiwọọki. Ni afikun, awọsanma ni nẹtiwọki ti kii ṣe aimi. Nipa ti, nẹtiwọọki abẹlẹ paapaa diẹ sii tabi kere si aimi - awọn apa tuntun ati awọn iyipada ko ni ṣafikun lojoojumọ, ṣugbọn paati agbekọja le ati pe yoo yipada nigbagbogbo - awọn nẹtiwọọki tuntun yoo ṣafikun tabi paarẹ, awọn ẹrọ foju tuntun yoo han ati awọn ti atijọ yoo han. kú. Ati bi o ṣe ranti lati itumọ ti awọsanma ti a fun ni ibẹrẹ nkan naa, awọn orisun yẹ ki o pin si olumulo laifọwọyi ati pẹlu o kere julọ (tabi dara julọ sibẹsibẹ, laisi) ilowosi lati ọdọ olupese iṣẹ. Iyẹn ni, iru ipese ti awọn orisun nẹtiwọọki ti o wa bayi ni irisi opin-iwaju ni irisi akọọlẹ ti ara ẹni ti o wa nipasẹ http/https ati ẹlẹrọ nẹtiwọọki lori iṣẹ Vasily bi ẹhin kii ṣe awọsanma, paapaa ti Vasily ba ni ọwọ mẹjọ.

Neutroni, gẹgẹbi iṣẹ nẹtiwọọki kan, pese API kan fun ṣiṣakoso apakan nẹtiwọki ti awọn amayederun awọsanma. Iṣẹ naa n ṣe agbara ati ṣakoso apakan nẹtiwọki ti Openstack nipa pipese Layer abstraction ti a pe ni Network-as-a-Service (NaaS). Iyẹn ni, nẹtiwọọki jẹ ẹyọ wiwọn foju kanna bi, fun apẹẹrẹ, awọn ohun kohun Sipiyu foju tabi iye Ramu.

Ṣugbọn ṣaaju ki o to lọ si faaji ti apakan nẹtiwọọki ti OpenStack, jẹ ki a gbero bii nẹtiwọọki yii ṣe n ṣiṣẹ ni OpenStack ati idi ti nẹtiwọọki jẹ apakan pataki ati apakan ti awọsanma.

Nitorinaa a ni awọn VM alabara RED meji ati awọn VM alabara GREEN meji. Jẹ ki a ro pe awọn ẹrọ wọnyi wa lori awọn hypervisors meji ni ọna yii:

Ni akoko yii, eyi jẹ agbara agbara ti awọn olupin 4 ati pe ko si diẹ sii, niwọn igba ti gbogbo ohun ti a ti ṣe ni agbara awọn olupin 4, gbigbe wọn sori awọn olupin ti ara meji. Ati titi di isisiyi wọn ko tii sopọ mọ nẹtiwọọki naa.

Lati ṣe awọsanma, a nilo lati ṣafikun ọpọlọpọ awọn paati. Ni akọkọ, a ṣe afihan apakan nẹtiwọọki - a nilo lati sopọ awọn ẹrọ 4 wọnyi ni awọn orisii, ati awọn alabara fẹ asopọ L2 kan. O le lo iyipada kan ki o tunto ẹhin mọto ni itọsọna rẹ ki o yanju ohun gbogbo nipa lilo afara linux tabi, fun awọn olumulo ilọsiwaju diẹ sii, openvswitch (a yoo pada si eyi nigbamii). Ṣugbọn awọn nẹtiwọọki pupọ le wa, ati titari L2 nigbagbogbo nipasẹ iyipada kii ṣe imọran ti o dara julọ - awọn ẹka oriṣiriṣi wa, tabili iṣẹ kan, awọn oṣu ti nduro fun ohun elo kan lati pari, awọn ọsẹ ti laasigbotitusita - ni agbaye ode oni eyi ọna ko ṣiṣẹ mọ. Ati ni kete ti ile-iṣẹ kan ba loye eyi, rọrun ti o jẹ fun u lati lọ siwaju. Nitorinaa, laarin awọn hypervisors a yoo yan nẹtiwọọki L3 nipasẹ eyiti awọn ẹrọ foju wa yoo ṣe ibasọrọ, ati lori oke nẹtiwọọki L3 yii a yoo kọ awọn nẹtiwọọki apọju L2 foju nibiti ijabọ ti awọn ẹrọ foju wa yoo ṣiṣẹ. O le lo GRE, Geneve tabi VxLAN bi encapsulation. Jẹ ki a dojukọ igbehin fun bayi, botilẹjẹpe kii ṣe pataki paapaa.

A nilo lati wa VTEP ibikan (Mo nireti pe gbogbo eniyan mọ pẹlu awọn ọrọ-ọrọ VxLAN). Niwọn igba ti a ni nẹtiwọọki L3 ti n bọ taara lati ọdọ awọn olupin, ko si ohun ti o ṣe idiwọ fun wa lati gbe VTEP sori awọn olupin funrararẹ, ati OVS (OpenvSwitch) dara julọ ni ṣiṣe eyi. Bi abajade, a ni apẹrẹ yii:

Niwọn igba ti ijabọ laarin awọn VM gbọdọ pin, awọn ebute oko oju omi si awọn ẹrọ foju yoo ni awọn nọmba vlan oriṣiriṣi. Awọn tag nọmba yoo kan ipa nikan laarin ọkan foju yipada, niwon nigba ti encapsulated ni VxLAN a le awọn iṣọrọ yọ kuro, niwon a yoo ni a VNI.

Bayi a le ṣẹda awọn ẹrọ wa ati awọn nẹtiwọọki foju fun wọn laisi awọn iṣoro eyikeyi.

Sibẹsibẹ, kini ti alabara ba ni ẹrọ miiran, ṣugbọn o wa lori nẹtiwọọki ti o yatọ? A nilo rutini laarin awọn nẹtiwọki. A yoo wo aṣayan ti o rọrun nigbati a ba lo ipa-ọna aarin - iyẹn ni pe, awọn ọna opopona ti wa ni ipa nipasẹ awọn apa nẹtiwọki iyasọtọ pataki (daradara, gẹgẹbi ofin, wọn ni idapo pẹlu awọn apa iṣakoso, nitorinaa a yoo ni ohun kanna).

O dabi pe ko si ohun idiju - a ṣe ni wiwo Afara lori ipade iṣakoso, wakọ ijabọ si rẹ ati lati ibẹ a ti lọ si ibi ti a nilo rẹ. Ṣugbọn iṣoro naa ni pe onibara RED fẹ lati lo nẹtiwọki 10.0.0.0/24, ati pe onibara GREEN fẹ lati lo nẹtiwọki 10.0.0.0/24. Iyẹn ni, a bẹrẹ lati intersect awọn aaye adirẹsi. Ni afikun, awọn alabara ko fẹ ki awọn alabara miiran ni anfani lati lọ si awọn nẹtiwọọki inu wọn, eyiti o jẹ oye. Lati ya awọn nẹtiwọọki ati ijabọ data alabara, a yoo pin aaye orukọ lọtọ fun ọkọọkan wọn. Namespace jẹ ni otitọ ẹda kan ti akopọ nẹtiwọọki Linux, iyẹn ni, awọn alabara ni aaye orukọ RED ti ya sọtọ patapata lati ọdọ awọn alabara lati aaye orukọ GREEN (daradara, boya ipa-ọna laarin awọn nẹtiwọọki alabara wọnyi ni a gba laaye nipasẹ aaye orukọ aiyipada tabi lori ohun elo gbigbe oke).

Iyẹn ni, a gba aworan atọka wọnyi:

L2 tunnels converge lati gbogbo iširo apa to Iṣakoso ipade. ipade nibiti wiwo L3 fun awọn nẹtiwọọki wọnyi wa, ọkọọkan ni aaye orukọ iyasọtọ fun ipinya.

Sibẹsibẹ, a gbagbe ohun pataki julọ. Ẹrọ foju gbọdọ pese iṣẹ kan si alabara, iyẹn ni, o gbọdọ ni o kere ju ni wiwo ita kan nipasẹ eyiti o le de ọdọ. Iyẹn ni, a nilo lati jade lọ si aye ita. Awọn aṣayan oriṣiriṣi wa nibi. Jẹ ki a ṣe aṣayan ti o rọrun julọ. A yoo ṣafikun nẹtiwọọki kan si alabara kọọkan, eyiti yoo wulo ni nẹtiwọọki olupese ati kii yoo ni lqkan pẹlu awọn nẹtiwọọki miiran. Awọn nẹtiwọki le tun intersect ati ki o wo ni orisirisi awọn VRFs ni ẹgbẹ ti awọn nẹtiwọki olupese. Awọn data nẹtiwọki yoo tun gbe ni aaye orukọ ti alabara kọọkan. Sibẹsibẹ, wọn yoo tun jade lọ si agbaye ita nipasẹ ọkan ti ara (tabi mnu, eyiti o jẹ ọgbọn diẹ sii) ni wiwo. Lati yapa ijabọ alabara, ijabọ ti n lọ si ita yoo jẹ aami pẹlu aami VLAN ti a pin si alabara.

Bi abajade, a ni aworan atọka yii:

Ibeere ti o ni oye ni kilode ti o ko ṣe awọn ẹnu-ọna lori awọn apa oniṣiro funrararẹ? Eyi kii ṣe iṣoro nla; pẹlupẹlu, ti o ba tan olulana ti a pin (DVR), eyi yoo ṣiṣẹ. Ninu oju iṣẹlẹ yii, a n gbero aṣayan ti o rọrun julọ pẹlu ẹnu-ọna aarin, eyiti o jẹ lilo nipasẹ aiyipada ni Openstack. Fun awọn iṣẹ fifuye giga, wọn yoo lo mejeeji olulana pinpin ati awọn imọ-ẹrọ isare bii SR-IOV ati Passthrough, ṣugbọn bi wọn ti sọ, iyẹn jẹ itan ti o yatọ patapata. Ni akọkọ, jẹ ki a wo pẹlu apakan ipilẹ, lẹhinna a yoo lọ sinu awọn alaye.

Lootọ, ero wa ti ṣiṣẹ tẹlẹ, ṣugbọn awọn nuances meji wa:

• A nilo lati bakan ṣe aabo awọn ẹrọ wa, iyẹn ni, fi àlẹmọ sori wiwo yipada si alabara.
• Ṣe o ṣee ṣe fun ẹrọ foju kan lati gba adirẹsi IP laifọwọyi, nitorinaa o ko ni lati wọle sinu rẹ nipasẹ console ni gbogbo igba ati forukọsilẹ adirẹsi naa.

Jẹ ki a bẹrẹ pẹlu aabo ẹrọ. Fun eyi o le lo banal iptables, kilode ti kii ṣe.

Iyẹn ni, ni bayi topology wa ti di idiju diẹ sii:

Jẹ ki a tẹsiwaju. A nilo lati ṣafikun olupin DHCP kan. Ibi ti o dara julọ lati wa awọn olupin DHCP fun alabara kọọkan yoo jẹ ipade iṣakoso ti a ti sọ tẹlẹ loke, nibiti awọn aaye orukọ wa:

Sibẹsibẹ, iṣoro kekere kan wa. Kini ti ohun gbogbo ba tun bẹrẹ ati gbogbo alaye nipa awọn adirẹsi iyalo lori DHCP ti sọnu. O jẹ ọgbọn pe awọn ẹrọ yoo fun awọn adirẹsi tuntun, eyiti ko rọrun pupọ. Awọn ọna meji lo wa nibi - boya lo awọn orukọ-ašẹ ati ṣafikun olupin DNS kan fun alabara kọọkan, lẹhinna adirẹsi naa kii yoo ṣe pataki pataki si wa (bii apakan nẹtiwọọki ni k8s) - ṣugbọn iṣoro wa pẹlu awọn nẹtiwọọki ita, niwon Awọn adirẹsi tun le ṣe ifilọlẹ ninu wọn nipasẹ DHCP - o nilo amuṣiṣẹpọ pẹlu awọn olupin DNS ni pẹpẹ awọsanma ati olupin DNS ita, eyiti ninu ero mi ko rọ pupọ, ṣugbọn o ṣee ṣe pupọ. Tabi aṣayan keji ni lati lo metadata - iyẹn ni, ṣafipamọ alaye nipa adirẹsi ti a fiweranṣẹ si ẹrọ naa ki olupin DHCP mọ iru adirẹsi ti o fun ẹrọ naa ti ẹrọ naa ba ti gba adirẹsi tẹlẹ. Aṣayan keji jẹ rọrun ati irọrun diẹ sii, bi o ṣe gba ọ laaye lati fipamọ alaye afikun nipa ọkọ ayọkẹlẹ naa. Bayi jẹ ki a ṣafikun metadata aṣoju si aworan atọka naa:

Ọrọ miiran ti o tun tọ lati jiroro ni agbara lati lo nẹtiwọọki ita kan nipasẹ gbogbo awọn alabara, nitori awọn nẹtiwọọki ita, ti wọn ba gbọdọ wulo jakejado gbogbo nẹtiwọọki, yoo nira - o nilo lati pin nigbagbogbo ati ṣakoso ipin ti awọn nẹtiwọọki wọnyi. Agbara lati lo nẹtiwọọki atunto iṣaaju ita kan fun gbogbo awọn alabara yoo wulo pupọ nigbati o ṣẹda awọsanma ti gbogbo eniyan. Eyi yoo jẹ ki o rọrun lati ran awọn ẹrọ ṣiṣẹ nitori a ko ni lati kan si ibi ipamọ data adirẹsi kan ki o yan aaye adirẹsi alailẹgbẹ kan fun nẹtiwọọki ita ti alabara kọọkan. Ni afikun, a le forukọsilẹ nẹtiwọki ita ni ilosiwaju ati ni akoko imuṣiṣẹ a yoo nilo nikan lati ṣepọ awọn adirẹsi ita pẹlu awọn ẹrọ alabara.

Ati pe nibi NAT wa si iranlọwọ wa - a yoo kan jẹ ki o ṣee ṣe fun awọn alabara lati wọle si agbaye ita nipasẹ aaye orukọ aiyipada nipa lilo itumọ NAT. O dara, eyi ni iṣoro kekere kan. Eyi dara ti olupin alabara ba ṣiṣẹ bi alabara kii ṣe bi olupin - iyẹn ni, o bẹrẹ kuku ju gbigba awọn isopọ. Ṣugbọn fun wa yoo jẹ ọna miiran ni ayika. Ni ọran yii, a nilo lati ṣe NAT ti o nlo lati jẹ ki nigba gbigba ijabọ, ipade iṣakoso ni oye pe ijabọ yii jẹ ipinnu fun ẹrọ foju A ti alabara A, eyiti o tumọ si pe a nilo lati ṣe itumọ NAT lati adirẹsi ita, fun apẹẹrẹ 100.1.1.1 .10.0.0.1, si ohun ti abẹnu adirẹsi 100. Ni ọran yii, botilẹjẹpe gbogbo awọn alabara yoo lo nẹtiwọọki kanna, ipinya inu ti wa ni ipamọ patapata. Iyẹn ni, a nilo lati ṣe dNAT ati sNAT lori ipade iṣakoso. Boya lati lo nẹtiwọki kan pẹlu awọn adirẹsi lilefoofo tabi awọn nẹtiwọki ita, tabi mejeeji ni ẹẹkan, da lori ohun ti o fẹ mu sinu awọsanma. A kii yoo ṣafikun awọn adirẹsi lilefoofo si aworan atọka, ṣugbọn yoo lọ kuro ni awọn nẹtiwọọki ita ti a ṣafikun tẹlẹ - alabara kọọkan ni nẹtiwọọki itagbangba tirẹ (ninu aworan atọka wọn tọka bi vlan 200 ati XNUMX lori wiwo ita).

Bi abajade, a gba ohun ti o nifẹ ati ni akoko kanna ojutu ti a ti ronu daradara, eyiti o ni irọrun kan ṣugbọn ko sibẹsibẹ ni awọn ilana ifarada aṣiṣe.

Ni akọkọ, a ni ipade iṣakoso kan nikan - ikuna rẹ yoo ja si iparun ti gbogbo awọn eto. Lati ṣatunṣe iṣoro yii, o nilo lati ṣe o kere ju korum kan ti awọn apa 3. Jẹ ki a fi eyi kun apẹrẹ:

Nipa ti, gbogbo awọn apa ti wa ni mimuuṣiṣẹpọ ati nigbati oju ipade ti nṣiṣe lọwọ lọ, ipade miiran yoo gba awọn ojuse rẹ.

Iṣoro atẹle jẹ awọn disiki ẹrọ foju. Ni akoko, wọn ti wa ni ipamọ lori awọn hypervisors ara wọn, ati ni irú ti awọn iṣoro pẹlu awọn hypervisor, a padanu gbogbo awọn data - ati awọn niwaju kan igbogun ti yoo ko ran nibi ti a ko ba padanu disk, ṣugbọn gbogbo olupin. Lati ṣe eyi, a nilo lati ṣe iṣẹ kan ti yoo ṣiṣẹ bi opin iwaju fun iru ipamọ kan. Iru ibi ipamọ wo ni kii ṣe pataki si wa, ṣugbọn o yẹ ki o daabobo data wa lati ikuna ti disk mejeeji ati ipade, ati o ṣee ṣe gbogbo minisita. Awọn aṣayan pupọ wa nibi - awọn nẹtiwọọki SAN wa, nitorinaa, awọn nẹtiwọọki SAN pẹlu ikanni Fiber, ṣugbọn jẹ ki a jẹ ooto - FC ti jẹ ohun ti o ti kọja tẹlẹ - afọwọṣe ti E1 ni gbigbe - bẹẹni, Mo gba, o tun lo, ṣugbọn nikan ni ibi ti o jẹ Egba ko ṣee ṣe laisi rẹ. Nitorinaa, Emi kii yoo ṣe atinuwa mu nẹtiwọọki FC kan ni ọdun 2020, ni mimọ pe awọn omiiran miiran ti o nifẹ si wa. Botilẹjẹpe si ọkọọkan tirẹ, o le jẹ awọn ti o gbagbọ pe FC pẹlu gbogbo awọn idiwọn rẹ ni gbogbo ohun ti a nilo - Emi kii yoo jiyan, gbogbo eniyan ni ero tirẹ. Sibẹsibẹ, ojutu ti o nifẹ julọ ni ero mi ni lati lo SDS kan, bii Ceph.

Ceph ngbanilaaye lati kọ ojutu ibi ipamọ data ti o wa ga pupọ pẹlu opo ti awọn aṣayan afẹyinti ti o ṣeeṣe, bẹrẹ pẹlu awọn koodu pẹlu iṣayẹwo ijẹẹmu (afọwọṣe si igbogun ti 5 tabi 6) ipari pẹlu isọdọtun data ni kikun si awọn disiki oriṣiriṣi, ni akiyesi ipo ti awọn disiki ni awọn olupin, ati awọn olupin ni awọn apoti ohun ọṣọ, ati bẹbẹ lọ.

Lati kọ Ceph o nilo awọn apa 3 diẹ sii. Ibaraṣepọ pẹlu ibi ipamọ yoo tun ṣee ṣe nipasẹ nẹtiwọọki nipa lilo bulọki, ohun ati awọn iṣẹ ibi ipamọ faili. Jẹ ki a ṣafikun ibi ipamọ si eto naa:

Akiyesi: o tun le ṣe awọn apa oniṣiro hyperconverged - eyi ni imọran ti apapọ awọn iṣẹ lọpọlọpọ lori ipade kan - fun apẹẹrẹ, ibi ipamọ + iṣiro - laisi iyasọtọ awọn apa pataki fun ibi ipamọ ceph. A yoo gba ero ifarada-ẹbi kanna - nitori SDS yoo ṣe ifipamọ data pẹlu ipele ifiṣura ti a pato. Sibẹsibẹ, awọn apa hyperconverged nigbagbogbo jẹ adehun - nitori ipade ibi ipamọ ko kan ooru afẹfẹ bi o ti dabi ni wiwo akọkọ (niwọn igba ti ko si awọn ẹrọ foju lori rẹ) - o na awọn orisun Sipiyu lori sisẹ SDS (ni otitọ, o ṣe gbogbo rẹ). atunkọ ati imularada lẹhin awọn ikuna ti awọn apa, awọn disiki, bbl). Iyẹn ni, iwọ yoo padanu diẹ ninu agbara ti node oniṣiro ti o ba darapọ pẹlu ibi ipamọ.

Gbogbo nkan wọnyi nilo lati ṣakoso ni bakanna - a nilo nkankan nipasẹ eyiti a le ṣẹda ẹrọ kan, nẹtiwọọki kan, olulana foju kan, bbl Lati ṣe eyi, a yoo ṣafikun iṣẹ kan si ipade iṣakoso ti yoo ṣiṣẹ bi dasibodu - awọn alabara yoo ni anfani lati sopọ si ọna abawọle yii nipasẹ http / https ati ṣe ohun gbogbo ti o nilo (daradara, o fẹrẹ).

Bi abajade, bayi a ni eto ifarada-aṣiṣe. Gbogbo awọn eroja ti amayederun yii gbọdọ wa ni iṣakoso ni ọna kan. O ti ṣapejuwe tẹlẹ pe Openstack jẹ eto awọn iṣẹ akanṣe, ọkọọkan eyiti o pese iṣẹ kan pato. Gẹgẹbi a ti rii, awọn eroja ti o to ju ti o nilo lati tunto ati iṣakoso. Loni a yoo sọrọ nipa apakan nẹtiwọki.

Neutroni faaji

Ni OpenStack, Neutroni ni o ni iduro fun sisopọ awọn ebute oko oju ẹrọ foju si nẹtiwọọki L2 ti o wọpọ, aridaju ipa-ọna opopona laarin awọn VM ti o wa lori awọn nẹtiwọọki L2 oriṣiriṣi, bakanna bi ipa ọna ita, pese awọn iṣẹ bii NAT, Lilefoofo IP, DHCP, ati bẹbẹ lọ.

Ni ipele giga, iṣẹ ti iṣẹ nẹtiwọki (apakan ipilẹ) le ṣe apejuwe bi atẹle.

Nigbati o ba bẹrẹ VM, iṣẹ nẹtiwọki:

1. Ṣẹda a ibudo fun a fi VM (tabi ebute oko) ati ki o leti DHCP iṣẹ nipa o;
2. Ẹrọ nẹtiwọọki foju tuntun ti ṣẹda (nipasẹ libvirt);
3. VM sopọ si ibudo (awọn) ti a ṣẹda ni igbesẹ 1;

Ni iyalẹnu, iṣẹ Neutroni da lori awọn ọna ṣiṣe boṣewa ti o faramọ si gbogbo eniyan ti o ti lọ sinu Linux - awọn aaye orukọ, iptables, awọn afara linux, openvswitch, conntrack, ati bẹbẹ lọ.

O yẹ ki o ṣalaye lẹsẹkẹsẹ pe Neutron kii ṣe oludari SDN.

Neutroni ni ọpọlọpọ awọn paati ti o ni asopọ pọ:

Opentack-neutron-server jẹ daemon ti o ṣiṣẹ pẹlu awọn ibeere olumulo nipasẹ API. Ẹmi èṣu yii ko ni ipa ninu iforukọsilẹ eyikeyi awọn asopọ nẹtiwọọki, ṣugbọn pese alaye pataki fun eyi si awọn afikun rẹ, eyiti lẹhinna tunto nkan nẹtiwọọki ti o fẹ. Awọn aṣoju Neutroni lori awọn apa OpenStack forukọsilẹ pẹlu olupin Neutron.

Olupin Neutroni jẹ ohun elo ti a kọ ni Python, ti o ni awọn ẹya meji:

• REST iṣẹ
• Ohun itanna Neutroni (mojuto/iṣẹ)

Iṣẹ REST jẹ apẹrẹ lati gba awọn ipe API lati awọn paati miiran (fun apẹẹrẹ, ibeere kan lati pese alaye diẹ, ati bẹbẹ lọ)

Awọn afikun jẹ awọn paati sọfitiwia / awọn modulu plug-in ti a pe lakoko awọn ibeere API - iyẹn ni, iyasọtọ ti iṣẹ kan waye nipasẹ wọn. Awọn afikun ti pin si awọn oriṣi meji - iṣẹ ati gbongbo. Gẹgẹbi ofin, ohun itanna ẹṣin jẹ iduro pataki fun ṣiṣakoso aaye adirẹsi ati awọn asopọ L2 laarin awọn VM, ati awọn afikun iṣẹ ti pese awọn iṣẹ ṣiṣe afikun bi VPN tabi FW.

Akojọ awọn afikun ti o wa loni ni a le wo fun apẹẹrẹ nibi

Awọn afikun iṣẹ lọpọlọpọ le wa, ṣugbọn ohun itanna ẹṣin kan le jẹ.

openstack-neutroni-ml2 ni boṣewa Openstack root itanna. Ohun itanna yii ni faaji apọjuwọn (ko dabi ẹni ti o ti ṣaju rẹ) ati tunto iṣẹ nẹtiwọọki nipasẹ awọn awakọ ti o sopọ mọ rẹ. A yoo wo ohun itanna funrararẹ diẹ sẹhin, nitori ni otitọ o funni ni irọrun ti OpenStack ni apakan nẹtiwọọki. Ohun itanna gbongbo le rọpo (fun apẹẹrẹ, Nẹtiwọki Contrail ṣe iru rirọpo).

Iṣẹ RPC (olupin Rabbitmq) - iṣẹ kan ti o pese iṣakoso isinyin ati ibaraenisepo pẹlu awọn iṣẹ OpenStack miiran, bakanna bi ibaraenisepo laarin awọn aṣoju iṣẹ nẹtiwọki.

Awọn aṣoju nẹtiwọki - awọn aṣoju ti o wa ni ipade kọọkan, nipasẹ eyiti awọn iṣẹ nẹtiwọọki ti tunto.

Orisirisi awọn aṣoju wa.

Aṣoju akọkọ ni L2 oluranlowo. Awọn aṣoju wọnyi nṣiṣẹ lori ọkọọkan awọn hypervisors, pẹlu awọn apa iṣakoso (diẹ sii ni pipe, lori gbogbo awọn apa ti o pese iṣẹ eyikeyi fun awọn ayalegbe) ati iṣẹ akọkọ wọn ni lati so awọn ẹrọ foju pọ si nẹtiwọọki L2 ti o wọpọ, ati tun ṣe awọn itaniji nigbati eyikeyi awọn iṣẹlẹ waye ( fun apẹẹrẹ mu / jeki ibudo).

Nigbamii ti, ko si aṣoju pataki ti o kere ju L3 oluranlowo. Nipa aiyipada, aṣoju yii nṣiṣẹ ni iyasọtọ lori ipade nẹtiwọki kan (nigbagbogbo oju-ọna nẹtiwọki ti wa ni idapo pẹlu ipade iṣakoso) ati pese ipa-ọna laarin awọn nẹtiwọki ayalegbe (mejeeji laarin awọn nẹtiwọki rẹ ati awọn nẹtiwọki ti awọn ayalegbe miiran, ati pe o wa si aye ita, pese NAT, bakanna bi iṣẹ DHCP). Sibẹsibẹ, nigba lilo DVR (olutọpa pinpin), iwulo fun ohun itanna L3 tun han lori awọn apa oniṣiro.

Aṣoju L3 nlo awọn aaye orukọ Linux lati pese agbatọju kọọkan pẹlu ṣeto ti awọn nẹtiwọọki ti o ya sọtọ ati iṣẹ ṣiṣe ti awọn onimọ-ọna foju ti o da ọna opopona ati pese awọn iṣẹ ẹnu-ọna fun awọn nẹtiwọọki Layer 2.

database - aaye data ti awọn idamọ ti awọn nẹtiwọọki, awọn subnets, awọn ebute oko oju omi, awọn adagun-omi, ati bẹbẹ lọ.

Ni otitọ, Neutron gba awọn ibeere API lati ẹda ti awọn nkan nẹtiwọọki eyikeyi, jẹri ibeere naa, ati nipasẹ RPC (ti o ba wọle si diẹ ninu awọn ohun itanna tabi oluranlowo) tabi REST API (ti o ba sọrọ ni SDN) firanṣẹ si awọn aṣoju (nipasẹ awọn afikun) awọn awọn ilana pataki lati ṣeto iṣẹ ti o beere.

Bayi jẹ ki a yipada si fifi sori idanwo (bii o ṣe gbejade ati ohun ti o wa ninu rẹ, a yoo rii nigbamii ni apakan ti o wulo) ati wo ibiti paati kọọkan wa:

(overcloud) [stack@undercloud ~]$ openstack network agent list  
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent         | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$ 

Lootọ, iyẹn ni gbogbo eto Neutroni. Bayi o tọ lati lo akoko diẹ lori ohun itanna ML2.

Apọjuwọn Layer 2

Gẹgẹbi a ti sọ loke, ohun itanna jẹ ohun itanna root OpenStack boṣewa ati pe o ni faaji modulu kan.

Aṣaaju ti ohun itanna ML2 ni eto monolithic, eyiti ko gba laaye, fun apẹẹrẹ, lilo apapọ awọn imọ-ẹrọ pupọ ni fifi sori ẹrọ kan. Fun apẹẹrẹ, o ko le lo mejeeji openvswitch ati linuxbridge ni akoko kanna - boya akọkọ tabi keji. Fun idi eyi, ohun itanna ML2 pẹlu faaji rẹ ti ṣẹda.

ML2 ni awọn paati meji - awọn oriṣi meji ti awakọ: Iru awakọ ati awakọ Mechanism.

Iru awakọ pinnu awọn imọ-ẹrọ ti yoo lo lati ṣeto awọn asopọ nẹtiwọọki, fun apẹẹrẹ VxLAN, VLAN, GRE. Ni akoko kanna, awakọ ngbanilaaye lilo awọn imọ-ẹrọ oriṣiriṣi. Awọn boṣewa ọna ẹrọ ni VxLAN encapsulation fun agbekọja nẹtiwọki ati vlan ita nẹtiwọki.

Awọn awakọ oriṣi pẹlu awọn iru nẹtiwọki wọnyi:

alapin - nẹtiwọki lai taagi
VLANs - tagged nẹtiwọki
agbegbe - Iru nẹtiwọki pataki kan fun awọn fifi sori ẹrọ gbogbo-ni-ọkan (iru awọn fifi sori ẹrọ ni a nilo boya fun awọn olupilẹṣẹ tabi fun ikẹkọ)
GRE - Nẹtiwọọki apọju nipa lilo awọn tunnels GRE
VxLAN - Nẹtiwọọki apọju nipa lilo awọn eefin VxLAN

Awọn awakọ ẹrọ ṣalaye awọn irinṣẹ ti o rii daju iṣeto ti awọn imọ-ẹrọ pato ninu iru awakọ - fun apẹẹrẹ, openvswitch, sr-iov, opendaylight, OVN, bbl

Ti o da lori imuse ti awakọ yii, boya awọn aṣoju iṣakoso nipasẹ Neutron yoo ṣee lo, tabi awọn asopọ si oluṣakoso SDN ita yoo ṣee lo, eyiti o ṣe abojuto gbogbo awọn ọran ti o ni ibatan si siseto awọn nẹtiwọọki L2, ipa-ọna, ati bẹbẹ lọ.

Apeere: ti a ba lo ML2 papọ pẹlu OVS, lẹhinna oluranlowo L2 ti fi sori ẹrọ lori ipade iširo kọọkan ti o ṣakoso OVS. Bibẹẹkọ, ti a ba lo, fun apẹẹrẹ, OVN tabi OpenDayLight, lẹhinna iṣakoso OVS wa labẹ aṣẹ wọn - Neutron, nipasẹ ohun itanna gbongbo, fun awọn aṣẹ si oludari, ati pe o ti ṣe ohun ti a sọ tẹlẹ.

Jẹ ki a fẹlẹ soke lori Open vSwitch

Ni akoko yii, ọkan ninu awọn paati bọtini ti OpenStack jẹ Ṣii vSwitch.
Nigbati o ba nfi OpenStack sori ẹrọ laisi eyikeyi afikun SDN ataja gẹgẹbi Juniper Contrail tabi Nokia Nuage, OVS jẹ paati nẹtiwọọki akọkọ ti nẹtiwọọki awọsanma ati, papọ pẹlu iptables, conntrack, awọn aaye orukọ, ngbanilaaye lati ṣeto awọn nẹtiwọọki agbekọja pupọ-ni kikun. Nipa ti, paati yii le paarọ rẹ, fun apẹẹrẹ, nigba lilo awọn solusan SDN ti ẹni-kẹta (olutaja).

OVS jẹ iyipada sọfitiwia orisun ṣiṣi ti o jẹ apẹrẹ fun lilo ni awọn agbegbe ti o ni agbara bi olutaja ijabọ foju.

Ni akoko yii, OVS ni iṣẹ ṣiṣe to bojumu, eyiti o pẹlu awọn imọ-ẹrọ bii QoS, LACP, VLAN, VxLAN, GENEVE, OpenFlow, DPDK, ati bẹbẹ lọ.

Akiyesi: A ko lo OVS lakoko bi iyipada rirọ fun awọn iṣẹ tẹlifoonu ti o rù pupọ ati pe a ṣe apẹrẹ diẹ sii fun kere si bandiwidi-ibeere awọn iṣẹ IT gẹgẹbi olupin WEB tabi olupin meeli. Sibẹsibẹ, OVS ti wa ni idagbasoke siwaju sii ati awọn imuse lọwọlọwọ ti OVS ti ni ilọsiwaju pupọ si iṣẹ ati awọn agbara rẹ, eyiti o fun laaye laaye lati lo nipasẹ awọn oniṣẹ telecom pẹlu awọn iṣẹ ti kojọpọ pupọ, fun apẹẹrẹ, imuse OVS wa pẹlu atilẹyin fun isare DPDK.

Awọn paati pataki mẹta wa ti OVS ti o nilo lati mọ si:

• Ekuro module - paati ti o wa ni aaye ekuro ti o ṣe ilana ijabọ ti o da lori awọn ofin ti a gba lati apakan iṣakoso;
• vSwitch daemon (ovs-vswitchd) jẹ ilana ti a ṣe ifilọlẹ ni aaye olumulo ti o jẹ iduro fun siseto module ekuro - iyẹn ni, o ṣe aṣoju taara kannaa ti iṣẹ ti yipada.
• Olupin aaye data - aaye data agbegbe ti o wa lori ogun kọọkan ti o nṣiṣẹ OVS, ninu eyiti iṣeto ti wa ni ipamọ. Awọn oludari SDN le ṣe ibaraẹnisọrọ nipasẹ module yii nipa lilo ilana OVSDB.

Gbogbo eyi wa pẹlu eto iwadii aisan ati awọn ohun elo iṣakoso, gẹgẹbi ovs-vsctl, ovs-appctl, ovs-ofctl, ati bẹbẹ lọ.

Lọwọlọwọ, Opentack jẹ lilo pupọ nipasẹ awọn oniṣẹ telecom lati gbe awọn iṣẹ nẹtiwọọki lọ si ọdọ rẹ, gẹgẹbi EPC, SBC, HLR, ati bẹbẹ lọ Awọn iṣẹ kan le gbe laisi awọn iṣoro pẹlu OVS bi o ti jẹ, ṣugbọn fun apẹẹrẹ, EPC ṣe ilana ijabọ alabapin - lẹhinna o kọja nipasẹ iye nla ti ijabọ (bayi awọn iwọn ijabọ de ọdọ awọn ọgọọgọrun gigabits fun iṣẹju kan). Nipa ti, wiwakọ iru ijabọ nipasẹ aaye kernel (niwọn igba ti olutaja wa nibẹ nipasẹ aiyipada) kii ṣe imọran ti o dara julọ. Nitorinaa, OVS nigbagbogbo ma gbe lọ ni kikun ni aaye olumulo nipa lilo imọ-ẹrọ isare DPDK lati dari ijabọ lati NIC si aaye olumulo ti o kọja ekuro.

Akiyesi: fun awọsanma ti a fi ranṣẹ fun awọn iṣẹ telecom, o ṣee ṣe lati gbejade ijabọ lati oju-ọna oniṣiro ti o kọja OVS taara si ẹrọ iyipada. Awọn ilana SR-IOV ati Passthrough ni a lo fun idi eyi.

Bawo ni eyi ṣe n ṣiṣẹ lori ipilẹ gidi kan?

O dara, ni bayi jẹ ki a lọ si apakan ti o wulo ati rii bi gbogbo rẹ ṣe ṣiṣẹ ni iṣe.

Ni akọkọ, jẹ ki a gbe fifi sori Opentack kan ti o rọrun. Niwọn igba ti Emi ko ni ṣeto awọn olupin ni ọwọ fun awọn idanwo, a yoo pejọ apẹrẹ lori olupin ti ara kan lati awọn ẹrọ foju. Bẹẹni, nipa ti ara, iru ojutu kan ko dara fun awọn idi iṣowo, ṣugbọn lati rii apẹẹrẹ ti bii nẹtiwọọki n ṣiṣẹ ni Openstack, iru fifi sori ẹrọ to fun awọn oju. Pẹlupẹlu, iru fifi sori ẹrọ paapaa jẹ iyanilenu diẹ sii fun awọn idi ikẹkọ - niwọn igba ti o le gba ijabọ, ati bẹbẹ lọ.

Niwọn igba ti a nilo lati rii apakan ipilẹ nikan, a ko le lo awọn nẹtiwọọki pupọ ṣugbọn gbe ohun gbogbo soke nipa lilo awọn nẹtiwọọki meji nikan, ati pe nẹtiwọọki keji ni ifilelẹ yii yoo ṣee lo ni iyasọtọ fun iraye si olupin undercloud ati olupin DNS. A kii yoo fi ọwọ kan awọn nẹtiwọọki ita fun bayi - eyi jẹ koko-ọrọ fun nkan nla lọtọ.

Nitorina, jẹ ki a bẹrẹ ni ibere. Ni akọkọ, imọran kekere kan. A yoo fi Openstack sori ẹrọ ni lilo TripleO (Openstack on Openstack). Koko-ọrọ ti TripleO ni pe a fi sori ẹrọ Openstack gbogbo-in-ọkan (iyẹn ni, lori ipade kan), ti a pe ni undercloud, ati lẹhinna lo awọn agbara ti Opentack ti a fi ranṣẹ lati fi sori ẹrọ Openstack ti a pinnu fun iṣẹ, ti a pe ni overcloud. Undercloud yoo lo agbara atorunwa rẹ lati ṣakoso awọn olupin ti ara (irin igboro) - iṣẹ akanṣe Ironic - lati pese awọn hypervisors ti yoo ṣe awọn ipa ti iṣiro, iṣakoso, awọn apa ibi ipamọ. Iyẹn ni pe, a ko lo awọn irinṣẹ ẹnikẹta eyikeyi lati gbe Openstack ṣiṣẹ - a gbe Openstack ṣiṣẹ ni lilo Openstack. Yoo di alaye diẹ sii bi fifi sori ẹrọ nlọsiwaju, nitorinaa a kii yoo da duro nibẹ ki a lọ siwaju.

Akiyesi: Ninu nkan yii, nitori irọrun, Emi ko lo ipinya nẹtiwọọki fun awọn nẹtiwọọki inu Openstack, ṣugbọn ohun gbogbo ni a gbe lọ ni lilo nẹtiwọọki kan ṣoṣo. Sibẹsibẹ, wiwa tabi isansa ti ipinya nẹtiwọọki ko ni ipa lori iṣẹ ipilẹ ti ojutu - ohun gbogbo yoo ṣiṣẹ ni deede kanna bi nigba lilo ipinya, ṣugbọn ijabọ yoo ṣan lori nẹtiwọọki kanna. Fun fifi sori ẹrọ iṣowo, o jẹ pataki nipa ti ara lati lo ipinya nipa lilo awọn vlan ati awọn atọkun oriṣiriṣi. Fun apẹẹrẹ, ijabọ iṣakoso ibi ipamọ ceph ati ijabọ data funrararẹ (wiwọle ẹrọ si awọn disiki, ati bẹbẹ lọ) nigbati o ya sọtọ lo awọn subnets oriṣiriṣi (Iṣakoso Ibi ipamọ ati Ibi ipamọ) ati pe eyi n gba ọ laaye lati jẹ ki ojutu naa jẹ ọlọdun-ẹbi diẹ sii nipa pipin ijabọ yii, fun apẹẹrẹ. , kọja awọn oriṣiriṣi awọn ebute oko oju omi, tabi lilo awọn profaili QoS oriṣiriṣi fun oriṣiriṣi ijabọ ki ijabọ data ko fun pọ awọn ijabọ ifihan. Ninu ọran wa, wọn yoo lọ lori nẹtiwọọki kanna ati ni otitọ eyi ko ni opin wa ni eyikeyi ọna.

Akiyesi: Niwọn igba ti a yoo mu awọn ẹrọ foju ṣiṣẹ ni agbegbe foju kan ti o da lori awọn ẹrọ foju, a nilo akọkọ lati mu agbara agbara itẹ-ẹi ṣiṣẹ.

O le ṣayẹwo boya o ti mu iṣẹ-iṣere ile-itẹ sii ṣiṣẹ tabi kii ṣe bii eyi:

[root@hp-gen9 bormoglotx]# cat /sys/module/kvm_intel/parameters/nested
N
[root@hp-gen9 bormoglotx]# 

Ti o ba rii lẹta N, lẹhinna a mu atilẹyin ṣiṣẹ fun agbara agbara itẹle ni ibamu si eyikeyi itọsọna ti o rii lori nẹtiwọọki, fun apẹẹrẹ. iru .

A nilo lati pejọ Circuit atẹle lati awọn ẹrọ foju:

Ninu ọran mi, lati sopọ awọn ẹrọ foju ti o jẹ apakan ti fifi sori ọjọ iwaju (ati pe Mo ni 7 ninu wọn, ṣugbọn o le gba pẹlu 4 ti o ko ba ni ọpọlọpọ awọn orisun), Mo lo OpenvSwitch. Mo ti ṣẹda ọkan ovs Afara ati ti sopọ foju ero si o nipasẹ ibudo-ẹgbẹ. Lati ṣe eyi, Mo ṣẹda faili xml bi eleyi:

[root@hp-gen9 ~]# virsh net-dumpxml ovs-network-1        
<network>
  <name>ovs-network-1</name>
  <uuid>7a2e7de7-fc16-4e00-b1ed-4d190133af67</uuid>
  <forward mode='bridge'/>
  <bridge name='ovs-br1'/>
  <virtualport type='openvswitch'/>
  <portgroup name='trunk-1'>
    <vlan trunk='yes'>
      <tag id='100'/>
      <tag id='101'/>
      <tag id='102'/>
    </vlan>
  </portgroup>
  <portgroup name='access-100'>
    <vlan>
      <tag id='100'/>
    </vlan>
  </portgroup>
  <portgroup name='access-101'>
    <vlan>
      <tag id='101'/>
    </vlan>
  </portgroup>
</network>

Awọn ẹgbẹ ibudo mẹta ni a kede nibi - iraye si meji ati ẹhin mọto kan (a nilo igbehin fun olupin DNS, ṣugbọn o le ṣe laisi rẹ, tabi fi sii lori ẹrọ agbalejo - eyikeyi ti o rọrun fun ọ). Nigbamii, ni lilo awoṣe yii, a kede tiwa nipasẹ virsh net-define:

virsh net-define ovs-network-1.xml 
virsh net-start ovs-network-1 
virsh net-autostart ovs-network-1 

Bayi a ṣatunkọ awọn atunto ibudo hypervisor:

[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens1f0   
TYPE=Ethernet
NAME=ens1f0
DEVICE=ens1f0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=ovs-br1
ONBOOT=yes
OVS_OPTIONS="trunk=100,101,102"
[root@hp-gen9 ~]
[root@hp-gen9 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ovs-br1 
DEVICE=ovs-br1
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.255.200
PREFIX=24
[root@hp-gen9 ~]# 

Akiyesi: ni oju iṣẹlẹ yii, adirẹsi ti o wa lori ibudo ovs-br1 kii yoo wa nitori ko ni tag vlan kan. Lati ṣatunṣe eyi, o nilo lati fun ni aṣẹ sudo ovs-vsctl ṣeto ibudo ovs-br1 tag=100. Sibẹsibẹ, lẹhin atunbere, tag yii yoo parẹ (ti ẹnikẹni ba mọ bi o ṣe le jẹ ki o duro ni aaye, Emi yoo dupẹ pupọ). Ṣugbọn eyi kii ṣe pataki tobẹẹ, nitori a yoo nilo adirẹsi yii nikan lakoko fifi sori ẹrọ ati pe kii yoo nilo rẹ nigbati Openstack ti gbe lọ ni kikun.

Nigbamii, a ṣẹda ẹrọ labẹ awọsanma:

virt-install  -n undercloud --description "undercloud"  --os-type=Linux  --os-variant=centos7.0  --ram=8192  --vcpus=8  --disk path=/var/lib/libvirt/images/undercloud.qcow2,bus=virtio,size=40,format=qcow2 --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=access-101 --graphics none  --location /var/lib/libvirt/boot/CentOS-7-x86_64-Minimal-2003.iso --extra-args console=ttyS0

Lakoko fifi sori ẹrọ, o ṣeto gbogbo awọn aye pataki, gẹgẹbi orukọ ẹrọ, awọn ọrọ igbaniwọle, awọn olumulo, awọn olupin ntp, ati bẹbẹ lọ, o le tunto awọn ebute oko oju omi lẹsẹkẹsẹ, ṣugbọn fun mi tikalararẹ, lẹhin fifi sori ẹrọ, o rọrun lati wọle sinu ẹrọ nipasẹ ẹrọ. console ati ṣatunṣe awọn faili pataki. Ti o ba ti ni aworan ti a ti ṣe tẹlẹ, o le lo, tabi ṣe ohun ti Mo ṣe - ṣe igbasilẹ aworan Centos 7 kere julọ ki o lo lati fi VM sori ẹrọ.

Lẹhin fifi sori aṣeyọri, o yẹ ki o ni ẹrọ foju lori eyiti o le fi sori ẹrọ labẹ awọsanma

[root@hp-gen9 bormoglotx]# virsh list
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 62    undercloud                     running

Ni akọkọ, fi sori ẹrọ awọn irinṣẹ pataki fun ilana fifi sori ẹrọ:

sudo yum update -y
sudo yum install -y net-tools
sudo yum install -y wget
sudo yum install -y ipmitool

Undercloud fifi sori

A ṣẹda olumulo akopọ, ṣeto ọrọ igbaniwọle kan, ṣafikun si sudoer ati fun ni agbara lati ṣiṣẹ awọn aṣẹ gbongbo nipasẹ sudo laisi nini lati tẹ ọrọ igbaniwọle sii:

useradd stack
passwd stack

echo “stack ALL=(root) NOPASSWD:ALL” > /etc/sudoers.d/stack
chmod 0440 /etc/sudoers.d/stack

Bayi a pato orukọ kikun labẹ awọsanma ninu faili ogun:

vi /etc/hosts

127.0.0.1   undercloud.openstack.rnd localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Nigbamii, a ṣafikun awọn ibi ipamọ ati fi sọfitiwia ti a nilo sii:

sudo yum install -y https://trunk.rdoproject.org/centos7/current/python2-tripleo-repos-0.0.1-0.20200409224957.8bac392.el7.noarch.rpm
sudo -E tripleo-repos -b queens current
sudo -E tripleo-repos -b queens current ceph
sudo yum install -y python-tripleoclient
sudo yum install -y ceph-ansible

Akiyesi: ti o ko ba gbero lati fi sori ẹrọ ceph, lẹhinna o ko nilo lati tẹ awọn aṣẹ ti o jọmọ ceph sii. Mo lo itusilẹ Queens, ṣugbọn o le lo eyikeyi miiran ti o fẹ.

Nigbamii, daakọ faili iṣeto labẹ awọsanma si akopọ ilana ile olumulo:

cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf

Bayi a nilo lati ṣatunṣe faili yii, ṣatunṣe si fifi sori wa.

O nilo lati ṣafikun awọn ila wọnyi si ibẹrẹ faili naa:

vi undercloud.conf
[DEFAULT]
undercloud_hostname = undercloud.openstack.rnd
local_ip = 192.168.255.1/24
network_gateway = 192.168.255.1
undercloud_public_host = 192.168.255.2
undercloud_admin_host = 192.168.255.3
undercloud_nameservers = 192.168.255.253
generate_service_certificate = false
local_interface = eth0
local_mtu = 1450
network_cidr = 192.168.255.0/24
masquerade = true
masquerade_network = 192.168.255.0/24
dhcp_start = 192.168.255.11
dhcp_end = 192.168.255.50
inspection_iprange = 192.168.255.51,192.168.255.100
scheduler_max_attempts = 10

Nitorinaa, jẹ ki a lọ nipasẹ awọn eto:

undercloud_hostname - orukọ kikun ti olupin undercloud, gbọdọ baamu titẹ sii lori olupin DNS

local_ip - adirẹsi agbegbe labẹ awọsanma si ọna ipese nẹtiwọki

nẹtiwọki_adena - adirẹsi agbegbe kanna, eyiti yoo ṣiṣẹ bi ẹnu-ọna fun iraye si aye ita lakoko fifi sori awọn apa iboji, tun ṣe deede pẹlu ip agbegbe.

undercloud_public_host - Adirẹsi API ita, eyikeyi adirẹsi ọfẹ lati inu nẹtiwọọki ipese ni a yàn

undercloud_admin_host ti abẹnu API adirẹsi, eyikeyi free adirẹsi lati awọn ipese nẹtiwọki ti wa ni sọtọ

undercloud_nameservers - olupin DNS

ina_service_certificate - Laini yii ṣe pataki pupọ ninu apẹẹrẹ lọwọlọwọ, nitori ti o ko ba ṣeto si eke iwọ yoo gba aṣiṣe lakoko fifi sori ẹrọ, iṣoro naa jẹ apejuwe lori olutọpa kokoro Red Hat.

local_interface ni wiwo ni nẹtiwọki ipese. Ni wiwo yii yoo tun tunto lakoko imuṣiṣẹ labẹ awọsanma, nitorinaa o nilo lati ni awọn atọkun meji lori labẹ awọsanma - ọkan fun iwọle si, keji fun ipese

local_mtu - MTU. Niwọn igba ti a ni yàrá idanwo kan ati pe Mo ni MTU ti 1500 lori awọn ebute oko oju omi OVS, o jẹ dandan lati ṣeto si 1450 ki awọn apo-iwe ti a fi sinu VxLAN le kọja nipasẹ

nẹtiwọki_cidr - ipese nẹtiwọki

aṣiṣe - lilo NAT lati wọle si nẹtiwọki ita

masquerade_nẹtiwọki - nẹtiwọki ti yoo wa ni NATed

dhcp_bẹrẹ - adirẹsi ibẹrẹ ti adagun adirẹsi lati eyiti awọn adirẹsi yoo jẹ sọtọ si awọn apa lakoko imuṣiṣẹ overcloud

dhcp_opin - adirẹsi ikẹhin ti adagun adirẹsi lati eyiti awọn adirẹsi yoo wa ni sọtọ si awọn apa lakoko imuṣiṣẹ overcloud

ayewo_iprange - adagun ti awọn adirẹsi pataki fun introspection (ko yẹ ki o ni lqkan pẹlu adagun loke)

scheduler_max_igbiyanju - Nọmba ti o pọju ti awọn igbiyanju lati fi sori ẹrọ overcloud (gbọdọ jẹ tobi ju tabi dogba si nọmba awọn apa)

Lẹhin ti o ti ṣapejuwe faili naa, o le fun ni aṣẹ lati ran labẹ awọsanma:

openstack undercloud install

Ilana naa gba lati iṣẹju 10 si 30 da lori irin rẹ. Ni ipari o yẹ ki o wo abajade bi eleyi:

vi undercloud.conf
2020-08-13 23:13:12,668 INFO: 
#############################################################################
Undercloud install complete.

The file containing this installation's passwords is at
/home/stack/undercloud-passwords.conf.

There is also a stackrc file at /home/stack/stackrc.

These files are needed to interact with the OpenStack services, and should be
secured.

#############################################################################

Ijade yii sọ pe o ti fi sori ẹrọ ni aṣeyọri ati pe o le ṣayẹwo ipo ti undercloud ki o tẹsiwaju lati fi sori ẹrọ overcloud.

Ti o ba wo iṣẹjade ifconfig, iwọ yoo rii pe wiwo afara tuntun ti han

[stack@undercloud ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.1  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe2c:89e  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:2c:08:9e  txqueuelen 1000  (Ethernet)
        RX packets 14  bytes 1095 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1292 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Ifilọlẹ Overcloud yoo ṣee ṣe ni bayi nipasẹ wiwo yii.

Lati abajade ti o wa ni isalẹ o le rii pe a ni gbogbo awọn iṣẹ lori ipade kan:

(undercloud) [stack@undercloud ~]$ openstack host list
+--------------------------+-----------+----------+
| Host Name                | Service   | Zone     |
+--------------------------+-----------+----------+
| undercloud.openstack.rnd | conductor | internal |
| undercloud.openstack.rnd | scheduler | internal |
| undercloud.openstack.rnd | compute   | nova     |
+--------------------------+-----------+----------+

Ni isalẹ ni iṣeto ti apakan nẹtiwọọki undercloud:

(undercloud) [stack@undercloud ~]$ python -m json.tool /etc/os-net-config/config.json 
{
    "network_config": [
        {
            "addresses": [
                {
                    "ip_netmask": "192.168.255.1/24"
                }
            ],
            "members": [
                {
                    "dns_servers": [
                        "192.168.255.253"
                    ],
                    "mtu": 1450,
                    "name": "eth0",
                    "primary": "true",
                    "type": "interface"
                }
            ],
            "mtu": 1450,
            "name": "br-ctlplane",
            "ovs_extra": [
                "br-set-external-id br-ctlplane bridge-id br-ctlplane"
            ],
            "routes": [],
            "type": "ovs_bridge"
        }
    ]
}
(undercloud) [stack@undercloud ~]$

Overcloud fifi sori

Ni akoko ti a nikan ni undercloud, ati awọn ti a ko ni to apa lati eyi ti overcloud yoo wa ni jọ. Nitorinaa, ni akọkọ, jẹ ki a gbe awọn ẹrọ foju ti a nilo. Lakoko imuṣiṣẹ, undercloud funrararẹ yoo fi OS sori ẹrọ ati sọfitiwia pataki lori ẹrọ overcloud - iyẹn ni, a ko nilo lati mu ẹrọ naa ṣiṣẹ patapata, ṣugbọn ṣẹda disk nikan (tabi awọn disiki) fun rẹ ki o pinnu awọn aye rẹ - iyẹn ni. , ni otitọ, a gba olupin igboro laisi OS ti a fi sori ẹrọ.

Jẹ ki a lọ si folda pẹlu awọn disiki ti awọn ẹrọ foju wa ki o ṣẹda awọn disiki ti iwọn ti o nilo:

cd /var/lib/libvirt/images/
qemu-img create -f qcow2 -o preallocation=metadata control-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-1.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata compute-2.qcow2 60G
qemu-img create -f qcow2 -o preallocation=metadata storage-1.qcow2 160G
qemu-img create -f qcow2 -o preallocation=metadata storage-2.qcow2 160G

Niwọn bi a ti n ṣiṣẹ bi gbongbo, a nilo lati yi oniwun awọn disiki wọnyi pada ki a ma ba ni iṣoro pẹlu awọn ẹtọ:

[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 root root  61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 root root  61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 root root  61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 root root 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:07 undercloud.qcow2
[root@hp-gen9 images]# 
[root@hp-gen9 images]# 
[root@hp-gen9 images]# chown qemu:qemu /var/lib/libvirt/images/*qcow2
[root@hp-gen9 images]# ls -lh
total 5.8G
drwxr-xr-x. 2 qemu qemu 4.0K Aug 13 16:15 backups
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 compute-1.qcow2
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 compute-2.qcow2
-rw-r--r--. 1 qemu qemu  61G Aug 14 03:07 control-1.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:03 dns-server.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-1.qcow2
-rw-r--r--. 1 qemu qemu 161G Aug 14 03:07 storage-2.qcow2
-rw-------. 1 qemu qemu  41G Aug 14 03:08 undercloud.qcow2
[root@hp-gen9 images]# 

Akiyesi: ti o ko ba gbero lati fi sori ẹrọ ceph lati le ṣe iwadi rẹ, lẹhinna awọn aṣẹ ko ṣẹda o kere ju awọn apa 3 pẹlu o kere ju awọn disiki meji, ṣugbọn ninu awoṣe fihan pe awọn disiki foju vda, vdb, bbl yoo ṣee lo.

Nla, ni bayi a nilo lati ṣalaye gbogbo awọn ẹrọ wọnyi:

virt-install --name control-1 --ram 32768 --vcpus 8 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/control-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --network network:ovs-network-1,model=virtio,portgroup=trunk-1 --dry-run --print-xml > /tmp/control-1.xml  

virt-install --name storage-1 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-1.xml  

virt-install --name storage-2 --ram 16384 --vcpus 4 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/storage-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/storage-2.xml  

virt-install --name compute-1 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-1.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-1.xml  

virt-install --name compute-2 --ram 32768 --vcpus 12 --os-variant centos7.0 --disk path=/var/lib/libvirt/images/compute-2.qcow2,device=disk,bus=virtio,format=qcow2 --noautoconsole --vnc  --network network:ovs-network-1,model=virtio,portgroup=access-100 --dry-run --print-xml > /tmp/compute-2.xml 

Ni ipari aṣẹ kan wa -print-xml> /tmp/storage-1.xml, eyiti o ṣẹda faili xml pẹlu apejuwe ẹrọ kọọkan ninu folda /tmp/; ti o ko ba ṣafikun, iwọ kii yoo jẹ. anfani lati da foju ero.

Bayi a nilo lati ṣalaye gbogbo awọn ẹrọ wọnyi ni virsh:

virsh define --file /tmp/control-1.xml
virsh define --file /tmp/compute-1.xml
virsh define --file /tmp/compute-2.xml
virsh define --file /tmp/storage-1.xml
virsh define --file /tmp/storage-2.xml

[root@hp-gen9 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 -     compute-1                      shut off
 -     compute-2                      shut off
 -     control-1                      shut off
 -     storage-1                      shut off
 -     storage-2                      shut off

[root@hp-gen9 ~]#

Bayi nuance kekere kan - tripleO nlo IPMI lati ṣakoso awọn olupin lakoko fifi sori ẹrọ ati introspection.

Introspection jẹ ilana ti ayewo ohun elo lati le gba awọn paramita rẹ pataki fun ipese siwaju ti awọn apa. Introspection wa ni ti gbe jade nipa lilo ironic, a iṣẹ še lati ṣiṣẹ pẹlu igboro irin apèsè.

Ṣugbọn eyi ni iṣoro naa - lakoko ti awọn olupin IPMI hardware ni ibudo lọtọ (tabi ibudo pinpin, ṣugbọn eyi kii ṣe pataki), lẹhinna awọn ẹrọ foju ko ni iru awọn ebute oko oju omi. Nibi crutch kan ti a pe ni vbmc wa si iranlọwọ wa - ohun elo ti o fun ọ laaye lati farawe ibudo IPMI kan. Nuance yii tọ lati san ifojusi si paapaa fun awọn ti o fẹ lati ṣeto iru yàrá kan lori hypervisor ESXI - lati sọ otitọ, Emi ko mọ boya o ni afọwọṣe ti vbmc, nitorinaa o tọ lati ṣe iyalẹnu nipa ọran yii ṣaaju gbigbe ohun gbogbo lọ. .

Fi sori ẹrọ vbmc:

yum install yum install python2-virtualbmc

Ti OS rẹ ko ba le rii package, lẹhinna ṣafikun ibi ipamọ naa:

yum install -y https://www.rdoproject.org/repos/rdo-release.rpm

Bayi a ṣeto ohun elo naa. Ohun gbogbo nibi jẹ banal si aaye itiju. Bayi o jẹ ọgbọn pe ko si olupin ninu atokọ vbmc

[root@hp-gen9 ~]# vbmc list

[root@hp-gen9 ~]# 

Fun wọn lati han, wọn gbọdọ jẹ ikede pẹlu ọwọ bi eleyi:

[root@hp-gen9 ~]# vbmc add control-1 --port 7001 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-1 --port 7002 --username admin --password admin
[root@hp-gen9 ~]# vbmc add storage-2 --port 7003 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-1 --port 7004 --username admin --password admin
[root@hp-gen9 ~]# vbmc add compute-2 --port 7005 --username admin --password admin
[root@hp-gen9 ~]#
[root@hp-gen9 ~]# vbmc list
+-------------+--------+---------+------+
| Domain name | Status | Address | Port |
+-------------+--------+---------+------+
| compute-1   | down   | ::      | 7004 |
| compute-2   | down   | ::      | 7005 |
| control-1   | down   | ::      | 7001 |
| storage-1   | down   | ::      | 7002 |
| storage-2   | down   | ::      | 7003 |
+-------------+--------+---------+------+
[root@hp-gen9 ~]#

Mo ro pe sintasi aṣẹ jẹ kedere laisi alaye. Sibẹsibẹ, fun bayi gbogbo awọn akoko wa ni ipo isalẹ. Fun wọn lati lọ si ipo UP, o nilo lati mu wọn ṣiṣẹ:

[root@hp-gen9 ~]# vbmc start control-1
2020-08-14 03:15:57,826.826 13149 INFO VirtualBMC [-] Started vBMC instance for domain control-1
[root@hp-gen9 ~]# vbmc start storage-1 
2020-08-14 03:15:58,316.316 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-1
[root@hp-gen9 ~]# vbmc start storage-2
2020-08-14 03:15:58,851.851 13149 INFO VirtualBMC [-] Started vBMC instance for domain storage-2
[root@hp-gen9 ~]# vbmc start compute-1
2020-08-14 03:15:59,307.307 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-1
[root@hp-gen9 ~]# vbmc start compute-2
2020-08-14 03:15:59,712.712 13149 INFO VirtualBMC [-] Started vBMC instance for domain compute-2
[root@hp-gen9 ~]# 
[root@hp-gen9 ~]# 
[root@hp-gen9 ~]# vbmc list
+-------------+---------+---------+------+
| Domain name | Status  | Address | Port |
+-------------+---------+---------+------+
| compute-1   | running | ::      | 7004 |
| compute-2   | running | ::      | 7005 |
| control-1   | running | ::      | 7001 |
| storage-1   | running | ::      | 7002 |
| storage-2   | running | ::      | 7003 |
+-------------+---------+---------+------+
[root@hp-gen9 ~]#

Ati ifọwọkan ikẹhin - o nilo lati ṣe atunṣe awọn ofin ogiriina (tabi mu ṣiṣẹ patapata):

firewall-cmd --zone=public --add-port=7001/udp --permanent
firewall-cmd --zone=public --add-port=7002/udp --permanent
firewall-cmd --zone=public --add-port=7003/udp --permanent
firewall-cmd --zone=public --add-port=7004/udp --permanent
firewall-cmd --zone=public --add-port=7005/udp --permanent
firewall-cmd --reload

Bayi jẹ ki a lọ si undercloud ki o ṣayẹwo pe ohun gbogbo n ṣiṣẹ. Adirẹsi ti ẹrọ agbalejo jẹ 192.168.255.200, lori undercloud a ṣafikun package ipmitool pataki lakoko igbaradi fun imuṣiṣẹ:

[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status          
Chassis Power is off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power on
Chassis Power Control: Up/On
[stack@undercloud ~]$ 

[root@hp-gen9 ~]# virsh list 
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 65    control-1                      running

Bi o ti le rii, a ti ṣe ifilọlẹ ni aṣeyọri ni ipade iṣakoso nipasẹ vbmc. Bayi jẹ ki a pa a ki o tẹsiwaju:

[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power off
Chassis Power Control: Down/Off
[stack@undercloud ~]$ ipmitool -I lanplus -U admin -P admin -H 192.168.255.200 -p 7001 power status
Chassis Power is off
[stack@undercloud ~]$ 

[root@hp-gen9 ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 6     dns-server                     running
 64    undercloud                     running
 -     compute-1                      shut off
 -     compute-2                      shut off
 -     control-1                      shut off
 -     storage-1                      shut off
 -     storage-2                      shut off

[root@hp-gen9 ~]#

Igbesẹ ti o tẹle ni ifarabalẹ ti awọn apa lori eyiti a yoo fi sori ẹrọ overcloud. Lati ṣe eyi, a nilo lati mura faili json pẹlu apejuwe awọn apa wa. Jọwọ ṣe akiyesi pe, laisi fifi sori ẹrọ lori awọn olupin igboro, faili naa tọka si ibudo eyiti vbmc n ṣiṣẹ fun ẹrọ kọọkan.

[root@hp-gen9 ~]# virsh domiflist --domain control-1 
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:20:a2:2f
-          network    ovs-network-1 virtio      52:54:00:3f:87:9f

[root@hp-gen9 ~]# virsh domiflist --domain compute-1
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:98:e9:d6

[root@hp-gen9 ~]# virsh domiflist --domain compute-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:6a:ea:be

[root@hp-gen9 ~]# virsh domiflist --domain storage-1
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:79:0b:cb

[root@hp-gen9 ~]# virsh domiflist --domain storage-2
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    ovs-network-1 virtio      52:54:00:a7:fe:27

Akiyesi: ipade iṣakoso ni awọn atọkun meji, ṣugbọn ninu idi eyi eyi ko ṣe pataki, ninu fifi sori ẹrọ yii ọkan yoo to fun wa.

Bayi a mura faili json. A nilo lati tọka adirẹsi poppy ti ibudo nipasẹ eyiti ipese yoo ṣee ṣe, awọn aye ti awọn apa, fun wọn ni awọn orukọ ati tọka bi o ṣe le de ipmi:

{
    "nodes":[
        {
            "mac":[
                "52:54:00:20:a2:2f"
            ],
            "cpu":"8",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"control-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7001"
        },
        {
            "mac":[
                "52:54:00:79:0b:cb"
            ],
            "cpu":"4",
            "memory":"16384",
            "disk":"160",
            "arch":"x86_64",
            "name":"storage-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7002"
        },
        {
            "mac":[
                "52:54:00:a7:fe:27"
            ],
            "cpu":"4",
            "memory":"16384",
            "disk":"160",
            "arch":"x86_64",
            "name":"storage-2",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7003"
        },
        {
            "mac":[
                "52:54:00:98:e9:d6"
            ],
            "cpu":"12",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"compute-1",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7004"
        },
        {
            "mac":[
                "52:54:00:6a:ea:be"
            ],
            "cpu":"12",
            "memory":"32768",
            "disk":"60",
            "arch":"x86_64",
            "name":"compute-2",
            "pm_type":"pxe_ipmitool",
            "pm_user":"admin",
            "pm_password":"admin",
            "pm_addr":"192.168.255.200",
            "pm_port":"7005"
        }
    ]
}

Bayi a nilo lati ṣeto awọn aworan fun ironic. Lati ṣe eyi, ṣe igbasilẹ wọn nipasẹ wget ki o fi sii:

(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/overcloud-full.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ sudo wget https://images.rdoproject.org/queens/delorean/current-tripleo-rdo/ironic-python-agent.tar --no-check-certificate
(undercloud) [stack@undercloud ~]$ ls -lh
total 1.9G
-rw-r--r--. 1 stack stack 447M Aug 14 10:26 ironic-python-agent.tar
-rw-r--r--. 1 stack stack 1.5G Aug 14 10:26 overcloud-full.tar
-rw-------. 1 stack stack  916 Aug 13 23:10 stackrc
-rw-r--r--. 1 stack stack  15K Aug 13 22:50 undercloud.conf
-rw-------. 1 stack stack 2.0K Aug 13 22:50 undercloud-passwords.conf
(undercloud) [stack@undercloud ~]$ mkdir images/
(undercloud) [stack@undercloud ~]$ tar -xpvf ironic-python-agent.tar -C ~/images/
ironic-python-agent.initramfs
ironic-python-agent.kernel
(undercloud) [stack@undercloud ~]$ tar -xpvf overcloud-full.tar -C ~/images/                       
overcloud-full.qcow2
overcloud-full.initrd
overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$ 
(undercloud) [stack@undercloud ~]$ ls -lh images/
total 1.9G
-rw-rw-r--. 1 stack stack 441M Aug 12 17:24 ironic-python-agent.initramfs
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:24 ironic-python-agent.kernel
-rw-r--r--. 1 stack stack  53M Aug 12 17:14 overcloud-full.initrd
-rw-r--r--. 1 stack stack 1.4G Aug 12 17:18 overcloud-full.qcow2
-rwxr-xr-x. 1 stack stack 6.5M Aug 12 17:14 overcloud-full.vmlinuz
(undercloud) [stack@undercloud ~]$

Gbigbe awọn aworan si abẹ awọsanma:

(undercloud) [stack@undercloud ~]$ openstack overcloud image upload --image-path ~/images/
Image "overcloud-full-vmlinuz" was uploaded.
+--------------------------------------+------------------------+-------------+---------+--------+
|                  ID                  |          Name          | Disk Format |   Size  | Status |
+--------------------------------------+------------------------+-------------+---------+--------+
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz |     aki     | 6761064 | active |
+--------------------------------------+------------------------+-------------+---------+--------+
Image "overcloud-full-initrd" was uploaded.
+--------------------------------------+-----------------------+-------------+----------+--------+
|                  ID                  |          Name         | Disk Format |   Size   | Status |
+--------------------------------------+-----------------------+-------------+----------+--------+
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd |     ari     | 55183045 | active |
+--------------------------------------+-----------------------+-------------+----------+--------+
Image "overcloud-full" was uploaded.
+--------------------------------------+----------------+-------------+------------+--------+
|                  ID                  |      Name      | Disk Format |    Size    | Status |
+--------------------------------------+----------------+-------------+------------+--------+
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full |    qcow2    | 1487475712 | active |
+--------------------------------------+----------------+-------------+------------+--------+
Image "bm-deploy-kernel" was uploaded.
+--------------------------------------+------------------+-------------+---------+--------+
|                  ID                  |       Name       | Disk Format |   Size  | Status |
+--------------------------------------+------------------+-------------+---------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel |     aki     | 6761064 | active |
+--------------------------------------+------------------+-------------+---------+--------+
Image "bm-deploy-ramdisk" was uploaded.
+--------------------------------------+-------------------+-------------+-----------+--------+
|                  ID                  |        Name       | Disk Format |    Size   | Status |
+--------------------------------------+-------------------+-------------+-----------+--------+
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk |     ari     | 461759376 | active |
+--------------------------------------+-------------------+-------------+-----------+--------+
(undercloud) [stack@undercloud ~]$

Ṣiṣayẹwo pe gbogbo awọn aworan ti kojọpọ

(undercloud) [stack@undercloud ~]$  openstack image list
+--------------------------------------+------------------------+--------+
| ID                                   | Name                   | Status |
+--------------------------------------+------------------------+--------+
| e413aa78-e38f-404c-bbaf-93e582a8e67f | bm-deploy-kernel       | active |
| 5cf3aba4-0e50-45d3-929f-27f025dd6ce3 | bm-deploy-ramdisk      | active |
| a2f2096d-c9d7-429a-b866-c7543c02a380 | overcloud-full         | active |
| 949984e0-4932-4e71-af43-d67a38c3dc89 | overcloud-full-initrd  | active |
| c2553770-3e0f-4750-b46b-138855b5c385 | overcloud-full-vmlinuz | active |
+--------------------------------------+------------------------+--------+
(undercloud) [stack@undercloud ~]$

Ohun kan diẹ sii - o nilo lati ṣafikun olupin DNS kan:

(undercloud) [stack@undercloud ~]$ openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+------------------+
| ID                                   | Name            | Network                              | Subnet           |
+--------------------------------------+-----------------+--------------------------------------+------------------+
| f45dea46-4066-42aa-a3c4-6f84b8120cab | ctlplane-subnet | 6ca013dc-41c2-42d8-9d69-542afad53392 | 192.168.255.0/24 |
+--------------------------------------+-----------------+--------------------------------------+------------------+
(undercloud) [stack@undercloud ~]$ openstack subnet show f45dea46-4066-42aa-a3c4-6f84b8120cab
+-------------------+-----------------------------------------------------------+
| Field             | Value                                                     |
+-------------------+-----------------------------------------------------------+
| allocation_pools  | 192.168.255.11-192.168.255.50                             |
| cidr              | 192.168.255.0/24                                          |
| created_at        | 2020-08-13T20:10:37Z                                      |
| description       |                                                           |
| dns_nameservers   |                                                           |
| enable_dhcp       | True                                                      |
| gateway_ip        | 192.168.255.1                                             |
| host_routes       | destination='169.254.169.254/32', gateway='192.168.255.1' |
| id                | f45dea46-4066-42aa-a3c4-6f84b8120cab                      |
| ip_version        | 4                                                         |
| ipv6_address_mode | None                                                      |
| ipv6_ra_mode      | None                                                      |
| name              | ctlplane-subnet                                           |
| network_id        | 6ca013dc-41c2-42d8-9d69-542afad53392                      |
| prefix_length     | None                                                      |
| project_id        | a844ccfcdb2745b198dde3e1b28c40a3                          |
| revision_number   | 0                                                         |
| segment_id        | None                                                      |
| service_types     |                                                           |
| subnetpool_id     | None                                                      |
| tags              |                                                           |
| updated_at        | 2020-08-13T20:10:37Z                                      |
+-------------------+-----------------------------------------------------------+
(undercloud) [stack@undercloud ~]$ 
(undercloud) [stack@undercloud ~]$ neutron subnet-update f45dea46-4066-42aa-a3c4-6f84b8120cab --dns-nameserver 192.168.255.253                                    
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Updated subnet: f45dea46-4066-42aa-a3c4-6f84b8120cab
(undercloud) [stack@undercloud ~]$

Bayi a le fun ni aṣẹ fun introspection:

(undercloud) [stack@undercloud ~]$ openstack overcloud node import --introspect --provide inspection.json 
Started Mistral Workflow tripleo.baremetal.v1.register_or_update. Execution ID: d57456a3-d8ed-479c-9a90-dff7c752d0ec
Waiting for messages on queue 'tripleo' with no timeout.


5 node(s) successfully moved to the "manageable" state.
Successfully registered node UUID b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
Successfully registered node UUID b89a72a3-6bb7-429a-93bc-48393d225838
Successfully registered node UUID 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
Successfully registered node UUID bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
Successfully registered node UUID 766ab623-464c-423d-a529-d9afb69d1167
Waiting for introspection to finish...
Started Mistral Workflow tripleo.baremetal.v1.introspect. Execution ID: 6b4d08ae-94c3-4a10-ab63-7634ec198a79
Waiting for messages on queue 'tripleo' with no timeout.
Introspection of node b89a72a3-6bb7-429a-93bc-48393d225838 completed. Status:SUCCESS. Errors:None
Introspection of node 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e completed. Status:SUCCESS. Errors:None
Introspection of node bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 completed. Status:SUCCESS. Errors:None
Introspection of node 766ab623-464c-423d-a529-d9afb69d1167 completed. Status:SUCCESS. Errors:None
Introspection of node b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 completed. Status:SUCCESS. Errors:None
Successfully introspected 5 node(s).
Started Mistral Workflow tripleo.baremetal.v1.provide. Execution ID: f5594736-edcf-4927-a8a0-2a7bf806a59a
Waiting for messages on queue 'tripleo' with no timeout.
5 node(s) successfully moved to the "available" state.
(undercloud) [stack@undercloud ~]$

Bi o ti le rii lati inu abajade, ohun gbogbo ti pari laisi awọn aṣiṣe. Jẹ ki a ṣayẹwo pe gbogbo awọn apa wa ni ipo to wa:

(undercloud) [stack@undercloud ~]$ openstack baremetal node list
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| UUID                                 | Name      | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | None          | power off   | available          | False       |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | None          | power off   | available          | False       |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | None          | power off   | available          | False       |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | None          | power off   | available          | False       |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | None          | power off   | available          | False       |
+--------------------------------------+-----------+---------------+-------------+--------------------+-------------+
(undercloud) [stack@undercloud ~]$ 

Ti awọn apa ba wa ni ipo ti o yatọ, nigbagbogbo ṣakoso, lẹhinna nkan kan ti ko tọ ati pe o nilo lati wo log naa ki o rii idi ti eyi fi ṣẹlẹ. Fiyesi pe ninu oju iṣẹlẹ yii a nlo agbara agbara ati pe awọn idun le wa pẹlu lilo awọn ẹrọ foju tabi vbmc.

Nigbamii ti, a nilo lati tọka iru ipade ti yoo ṣe iṣẹ wo - iyẹn ni, tọka profaili pẹlu eyiti ipade naa yoo ran:

(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | None            |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | None            |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | None            |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | None            |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | None            |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$ openstack flavor list
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| ID                                   | Name          |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
| 168af640-7f40-42c7-91b2-989abc5c5d8f | swift-storage | 4096 |   40 |         0 |     1 | True      |
| 52148d1b-492e-48b4-b5fc-772849dd1b78 | baremetal     | 4096 |   40 |         0 |     1 | True      |
| 56e66542-ae60-416d-863e-0cb192d01b09 | control       | 4096 |   40 |         0 |     1 | True      |
| af6796e1-d0c4-4bfe-898c-532be194f7ac | block-storage | 4096 |   40 |         0 |     1 | True      |
| e4d50fdd-0034-446b-b72c-9da19b16c2df | compute       | 4096 |   40 |         0 |     1 | True      |
| fc2e3acf-7fca-4901-9eee-4a4d6ef0265d | ceph-storage  | 4096 |   40 |         0 |     1 | True      |
+--------------------------------------+---------------+------+------+-----------+-------+-----------+
(undercloud) [stack@undercloud ~]$

Pato profaili kan fun ipade kọọkan:

openstack baremetal node set --property capabilities='profile:control,boot_option:local' b4b2cf4a-b7ca-4095-af13-cc83be21c4f5
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' b89a72a3-6bb7-429a-93bc-48393d225838
openstack baremetal node set --property capabilities='profile:ceph-storage,boot_option:local' 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8
openstack baremetal node set --property capabilities='profile:compute,boot_option:local' 766ab623-464c-423d-a529-d9afb69d1167

Jẹ ki a ṣayẹwo pe a ṣe ohun gbogbo ni deede:

(undercloud) [stack@undercloud ~]$ openstack overcloud profiles list
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| Node UUID                            | Node Name | Provision State | Current Profile | Possible Profiles |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
| b4b2cf4a-b7ca-4095-af13-cc83be21c4f5 | control-1 | available       | control         |                   |
| b89a72a3-6bb7-429a-93bc-48393d225838 | storage-1 | available       | ceph-storage    |                   |
| 20a16cc0-e0ce-4d88-8f17-eb0ce7b4d69e | storage-2 | available       | ceph-storage    |                   |
| bfc1eb98-a17a-4a70-b0b6-6c0db0eac8e8 | compute-1 | available       | compute         |                   |
| 766ab623-464c-423d-a529-d9afb69d1167 | compute-2 | available       | compute         |                   |
+--------------------------------------+-----------+-----------------+-----------------+-------------------+
(undercloud) [stack@undercloud ~]$

Ti ohun gbogbo ba tọ, a fun ni aṣẹ lati mu overcloud ṣiṣẹ:

openstack overcloud deploy --templates --control-scale 1 --compute-scale 2  --ceph-storage-scale 2 --control-flavor control --compute-flavor compute  --ceph-storage-flavor ceph-storage --libvirt-type qemu

Ni fifi sori ẹrọ gidi, awọn awoṣe ti a ṣe adani yoo ṣee lo nipa ti ara, ninu ọran wa eyi yoo ṣe idiju ilana naa pupọ, nitori pe atunṣe kọọkan ninu awoṣe yoo ni lati ṣalaye. Gẹgẹbi a ti kọ tẹlẹ, paapaa fifi sori ẹrọ ti o rọrun yoo to fun wa lati rii bi o ṣe n ṣiṣẹ.

Akiyesi: oniyipada qemu --libvirt-type jẹ pataki ninu ọran yii, niwọn igba ti a yoo lo agbara agbara itẹle. Bibẹẹkọ, iwọ kii yoo ni anfani lati ṣiṣẹ awọn ẹrọ foju.

Bayi o ni nipa wakati kan, tabi boya diẹ sii (da lori awọn agbara ti ohun elo) ati pe o le ni ireti pe lẹhin akoko yii iwọ yoo rii ifiranṣẹ atẹle:

2020-08-14 08:39:21Z [overcloud]: CREATE_COMPLETE  Stack CREATE completed successfully

 Stack overcloud CREATE_COMPLETE 

Host 192.168.255.21 not found in /home/stack/.ssh/known_hosts
Started Mistral Workflow tripleo.deployment.v1.get_horizon_url. Execution ID: fcb996cd-6a19-482b-b755-2ca0c08069a9
Overcloud Endpoint: http://192.168.255.21:5000/
Overcloud Horizon Dashboard URL: http://192.168.255.21:80/dashboard
Overcloud rc file: /home/stack/overcloudrc
Overcloud Deployed
(undercloud) [stack@undercloud ~]$

Bayi o ni ẹya ti o ni kikun-kikun ti openstack, lori eyiti o le ṣe iwadi, ṣe idanwo, ati bẹbẹ lọ.

Jẹ ki a ṣayẹwo pe ohun gbogbo n ṣiṣẹ daradara. Ninu akopọ ilana ile olumulo awọn faili meji wa - stackrc kan (fun ṣiṣakoso undercloud) ati overcloudrc keji (fun ṣiṣakoso overcloud). Awọn faili wọnyi gbọdọ wa ni pato bi orisun, nitori wọn ni alaye pataki fun ijẹrisi.

(undercloud) [stack@undercloud ~]$ openstack server list
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| ID                                   | Name                    | Status | Networks                | Image          | Flavor       |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
| fd7d36f4-ce87-4b9a-93b0-add2957792de | overcloud-controller-0  | ACTIVE | ctlplane=192.168.255.15 | overcloud-full | control      |
| edc77778-8972-475e-a541-ff40eb944197 | overcloud-novacompute-1 | ACTIVE | ctlplane=192.168.255.26 | overcloud-full | compute      |
| 5448ce01-f05f-47ca-950a-ced14892c0d4 | overcloud-cephstorage-1 | ACTIVE | ctlplane=192.168.255.34 | overcloud-full | ceph-storage |
| ce6d862f-4bdf-4ba3-b711-7217915364d7 | overcloud-novacompute-0 | ACTIVE | ctlplane=192.168.255.19 | overcloud-full | compute      |
| e4507bd5-6f96-4b12-9cc0-6924709da59e | overcloud-cephstorage-0 | ACTIVE | ctlplane=192.168.255.44 | overcloud-full | ceph-storage |
+--------------------------------------+-------------------------+--------+-------------------------+----------------+--------------+
(undercloud) [stack@undercloud ~]$ 

(undercloud) [stack@undercloud ~]$ source overcloudrc 
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 4eed7d0f06544625857d51cd77c5bd4c | admin   |
| ee1c68758bde41eaa9912c81dc67dad8 | service |
+----------------------------------+---------+
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ 
(overcloud) [stack@undercloud ~]$ openstack network agent list  
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                                | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
| 10495de9-ba4b-41fe-b30a-b90ec3f8728b | Open vSwitch agent | overcloud-novacompute-1.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| 1515ad4a-5972-46c3-af5f-e5446dff7ac7 | L3 agent           | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-l3-agent          |
| 322e62ca-1e5a-479e-9a96-4f26d09abdd7 | DHCP agent         | overcloud-controller-0.localdomain  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 9c1de2f9-bac5-400e-998d-4360f04fc533 | Open vSwitch agent | overcloud-novacompute-0.localdomain | None              | :-)   | UP    | neutron-openvswitch-agent |
| d99c5657-851e-4d3c-bef6-f1e3bb1acfb0 | Open vSwitch agent | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff85fae6-5543-45fb-a301-19c57b62d836 | Metadata agent     | overcloud-controller-0.localdomain  | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------------------------------+-------------------+-------+-------+---------------------------+
(overcloud) [stack@undercloud ~]$

Fifi sori ẹrọ mi tun nilo ifọwọkan kekere kan - fifi ipa-ọna kun lori oludari, nitori ẹrọ ti Mo n ṣiṣẹ wa lori nẹtiwọọki ti o yatọ. Lati ṣe eyi, lọ si iṣakoso-1 labẹ akọọlẹ abojuto ooru ati forukọsilẹ ọna naa

(undercloud) [stack@undercloud ~]$ ssh [email protected]         
Last login: Fri Aug 14 09:47:40 2020 from 192.168.255.1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ip route add 10.169.0.0/16 via 192.168.255.254

O dara, bayi o le lọ sinu ibi ipade. Gbogbo alaye - awọn adirẹsi, buwolu wọle ati ọrọ igbaniwọle - wa ninu faili /home/stack/overcloudrc. Aworan ti o kẹhin dabi eyi:

Nipa ọna, ninu fifi sori wa, awọn adirẹsi ẹrọ ni a ti gbejade nipasẹ DHCP ati, bi o ti le rii, wọn ti fun ni “laileto”. O le ṣalaye ni muna ninu awoṣe iru adirẹsi ti o yẹ ki o so mọ ẹrọ wo lakoko imuṣiṣẹ, ti o ba nilo rẹ.

Bawo ni ijabọ ṣiṣan laarin awọn ẹrọ foju?

Ninu àpilẹkọ yii a yoo wo awọn aṣayan mẹta fun gbigbe ijabọ

• Awọn ẹrọ meji lori hypervisor kan lori nẹtiwọki L2 kan
• Awọn ẹrọ meji lori awọn hypervisors oriṣiriṣi lori nẹtiwọọki L2 kanna
• Awọn ẹrọ meji lori awọn nẹtiwọọki oriṣiriṣi (rutini nẹtiwọki-agbelebu)

Awọn ọran pẹlu iraye si agbaye ita nipasẹ nẹtiwọọki itagbangba, lilo awọn adirẹsi lilefoofo, bakanna bi ipa-ọna pinpin, a yoo gbero akoko atẹle, fun bayi a yoo dojukọ ijabọ inu.

Lati ṣayẹwo, jẹ ki a fi aworan atọka wọnyi papọ:

A ti ṣẹda awọn ẹrọ foju 4 - 3 lori nẹtiwọọki L2 kan - net-1, ati 1 diẹ sii lori nẹtiwọọki-2

(overcloud) [stack@undercloud ~]$ nova list --tenant 5e18ce8ec9594e00b155485f19895e6c             
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| ID                                   | Name | Tenant ID                        | Status | Task State | Power State | Networks        |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
| f53b37b5-2204-46cc-aef0-dba84bf970c0 | vm-1 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.85 |
| fc8b6722-0231-49b0-b2fa-041115bef34a | vm-2 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.88 |
| 3cd74455-b9b7-467a-abe3-bd6ff765c83c | vm-3 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-1=10.0.1.90 |
| 7e836338-6772-46b0-9950-f7f06dbe91a8 | vm-4 | 5e18ce8ec9594e00b155485f19895e6c | ACTIVE | -          | Running     | net-2=10.0.2.8  |
+--------------------------------------+------+----------------------------------+--------+------------+-------------+-----------------+
(overcloud) [stack@undercloud ~]$ 

Jẹ ki a wo kini awọn hypervisors ti awọn ẹrọ ti a ṣẹda wa lori:

(overcloud) [stack@undercloud ~]$ nova show f53b37b5-2204-46cc-aef0-dba84bf970c0 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-1                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-0.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000001                                        |

(overcloud) [stack@undercloud ~]$ nova show fc8b6722-0231-49b0-b2fa-041115bef34a | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-2                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-1.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000002                                        |

(overcloud) [stack@undercloud ~]$ nova show 3cd74455-b9b7-467a-abe3-bd6ff765c83c | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-3                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-0.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000003                                        |

(overcloud) [stack@undercloud ~]$ nova show 7e836338-6772-46b0-9950-f7f06dbe91a8 | egrep "hypervisor_hostname|instance_name|hostname"
| OS-EXT-SRV-ATTR:hostname             | vm-4                                                     |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | overcloud-novacompute-1.localdomain                      |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000004                                        |

(overcloud) [stack@undercloud ~]$
Awọn ẹrọ vm-1 ati vm-3 wa lori iṣiro-0, awọn ẹrọ vm-2 ati vm-4 wa lori iṣiro-1.

Ni afikun, a ti ṣẹda olulana foju kan lati mu ipa-ọna ṣiṣẹ laarin awọn nẹtiwọọki ti a sọ pato:

(overcloud) [stack@undercloud ~]$ openstack router list  --project 5e18ce8ec9594e00b155485f19895e6c
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| ID                                   | Name     | Status | State | Distributed | HA    | Project                          |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
| 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | router-1 | ACTIVE | UP    | False       | False | 5e18ce8ec9594e00b155485f19895e6c |
+--------------------------------------+----------+--------+-------+-------------+-------+----------------------------------+
(overcloud) [stack@undercloud ~]$ 

Olutọpa naa ni awọn ebute oko oju omi meji, eyiti o ṣiṣẹ bi awọn ẹnu-ọna fun awọn nẹtiwọọki:

(overcloud) [stack@undercloud ~]$ openstack router show 0a4d2420-4b9c-46bd-aec1-86a1ef299abe | grep interface
| interfaces_info         | [{"subnet_id": "2529ad1a-6b97-49cd-8515-cbdcbe5e3daa", "ip_address": "10.0.1.254", "port_id": "0c52b15f-8fcc-4801-bf52-7dacc72a5201"}, {"subnet_id": "335552dd-b35b-456b-9df0-5aac36a3ca13", "ip_address": "10.0.2.254", "port_id": "92fa49b5-5406-499f-ab8d-ddf28cc1a76c"}] |
(overcloud) [stack@undercloud ~]$ 

Ṣugbọn ki a to wo bawo ni ijabọ n lọ, jẹ ki a wo ohun ti a ni lọwọlọwọ lori ipade iṣakoso (eyiti o tun jẹ ipade nẹtiwọki) ati lori ipade iṣiro. Jẹ ká bẹrẹ pẹlu oniṣiro ipade.

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-vsctl show
[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:3 missed:3
  br-ex:
    br-ex 65534/1: (internal)
    phy-br-ex 1/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$

Ni akoko, ipade naa ni awọn afara ovs mẹta - br-int, br-tun, br-ex. Laarin wọn, bi a ti rii, ṣeto awọn atọkun wa. Fun irọrun ti oye, jẹ ki a gbero gbogbo awọn atọkun wọnyi lori aworan atọka ki o wo kini o ṣẹlẹ.

Wiwo awọn adirẹsi si eyiti awọn eefin VxLAN ti gbe soke, o le rii pe oju eefin kan ti gbe soke lati ṣe iṣiro-1 (192.168.255.26), eefin keji n wo iṣakoso-1 (192.168.255.15). Ṣugbọn ohun ti o nifẹ julọ ni pe br-ex ko ni awọn atọkun ti ara, ati pe ti o ba wo kini awọn ṣiṣan ti tunto, o le rii pe afara yii le ju ijabọ silẹ ni akoko yii.

[heat-admin@overcloud-novacompute-0 ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.19  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe6a:eabe  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:6a:ea:be  txqueuelen 1000  (Ethernet)
        RX packets 2909669  bytes 4608201000 (4.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1821057  bytes 349198520 (333.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-novacompute-0 ~]$ 

Bi o ti le ri lati awọn wu, awọn adirẹsi ti wa ni dabaru taara si awọn ti ara ibudo, ati ki o ko si foju Afara ni wiwo.

[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-appctl fdb/show br-ex
 port  VLAN  MAC                Age
[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-ofctl dump-flows br-ex
 cookie=0x9169eae8f7fe5bb2, duration=216686.864s, table=0, n_packets=303, n_bytes=26035, priority=2,in_port="phy-br-ex" actions=drop
 cookie=0x9169eae8f7fe5bb2, duration=216686.887s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
[heat-admin@overcloud-novacompute-0 ~]$ 

Gẹgẹbi ofin akọkọ, ohun gbogbo ti o wa lati ibudo phy-br-ex gbọdọ jẹ asonu.
Lootọ, Lọwọlọwọ ko si ibi miiran fun ijabọ lati wa sinu afara yii ayafi lati wiwo yii (ni wiwo pẹlu br-int), ati idajọ nipasẹ awọn silė, ijabọ BUM ti lọ tẹlẹ sinu afara naa.

Iyẹn ni, ijabọ le fi oju ipade yii silẹ nikan nipasẹ oju eefin VxLAN ati nkan miiran. Sibẹsibẹ, ti o ba tan DVR, ipo naa yoo yipada, ṣugbọn a yoo koju iyẹn ni akoko miiran. Nigbati o ba lo ipinya nẹtiwọki, fun apẹẹrẹ lilo vlans, iwọ kii yoo ni wiwo L3 kan ni vlan 0, ṣugbọn ọpọlọpọ awọn atọkun. Bibẹẹkọ, ijabọ VxLAN yoo lọ kuro ni oju ipade ni ọna kanna, ṣugbọn tun ṣe encapsulated ni iru vlan igbẹhin.

A ti lẹsẹsẹ jade ni oniṣiro ipade, jẹ ki a gbe lori si awọn iṣakoso ipade.

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl dpif/show
system@ovs-system: hit:930491 missed:825
  br-ex:
    br-ex 65534/1: (internal)
    eth0 1/2: (system)
    phy-br-ex 2/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/3: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
  br-tun:
    br-tun 65534/4: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff13 3/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.19)
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$

Ni otitọ, a le sọ pe ohun gbogbo jẹ kanna, ṣugbọn adiresi IP ko si lori wiwo ti ara ṣugbọn lori afara foju. Eyi ni a ṣe nitori pe ibudo yii jẹ ibudo nipasẹ eyiti ijabọ yoo jade lọ si agbaye ita.

[heat-admin@overcloud-controller-0 ~]$ ifconfig br-ex
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 192.168.255.15  netmask 255.255.255.0  broadcast 192.168.255.255
        inet6 fe80::5054:ff:fe20:a22f  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:20:a2:2f  txqueuelen 1000  (Ethernet)
        RX packets 803859  bytes 1732616116 (1.6 GiB)
        RX errors 0  dropped 63  overruns 0  frame 0
        TX packets 808475  bytes 121652156 (116.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-ex
 port  VLAN  MAC                Age
    3   100  28:c0:da:00:4d:d3   35
    1     0  28:c0:da:00:4d:d3   35
    1     0  52:54:00:98:e9:d6    0
LOCAL     0  52:54:00:20:a2:2f    0
    1     0  52:54:00:2c:08:9e    0
    3   100  52:54:00:20:a2:2f    0
    1     0  52:54:00:6a:ea:be    0
[heat-admin@overcloud-controller-0 ~]$ 

Yi ibudo ti wa ni ti so lati br-ex Afara ati niwon nibẹ ni o wa ti ko si vlan afi lori o, yi ibudo ni a ẹhin mọto ibudo lori eyi ti gbogbo vlans ti wa ni laaye, bayi ijabọ lọ ita lai tag, bi itọkasi nipa vlan-id 0 ninu awọn o wu loke.

Ohun gbogbo miiran ni akoko jẹ iru si node oniṣiro - awọn afara kanna, awọn tunnels kanna ti n lọ si awọn apa oniṣiro meji.

A kii yoo ṣe akiyesi awọn apa ibi ipamọ ninu nkan yii, ṣugbọn fun oye o jẹ dandan lati sọ pe apakan nẹtiwọki ti awọn apa wọnyi jẹ banal si aaye itiju. Ninu ọran wa, ibudo ti ara kan nikan wa (eth0) pẹlu adiresi IP ti a yàn si ati pe iyẹn ni. Ko si awọn tunnels VxLAN, awọn afara oju eefin, ati bẹbẹ lọ - ko si ovs rara, nitori ko si aaye ninu rẹ. Nigbati o ba nlo ipinya nẹtiwọọki, ipade yii yoo ni awọn atọkun meji (awọn ebute oko oju omi ti ara, bodny, tabi awọn vlan meji nikan - ko ṣe pataki - o da lori ohun ti o fẹ) - ọkan fun iṣakoso, keji fun ijabọ (kikọ si disiki VM , kika lati disk, bbl)

A ṣayẹwo ohun ti a ni lori awọn apa ni awọn isansa ti eyikeyi awọn iṣẹ. Bayi jẹ ki a ṣe ifilọlẹ awọn ẹrọ foju 4 ki o wo bii ero ti a ṣalaye loke ṣe yipada - o yẹ ki a ni awọn ebute oko oju omi, awọn olulana foju, ati bẹbẹ lọ.

Nitorinaa nẹtiwọọki wa dabi eyi:

A ni meji foju ero lori kọọkan kọmputa ipade. Lilo compute-0 gẹgẹbi apẹẹrẹ, jẹ ki a wo bi ohun gbogbo ṣe wa.

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh list 
 Id    Name                           State
----------------------------------------------------
 1     instance-00000001              running
 3     instance-00000003              running

[heat-admin@overcloud-novacompute-0 ~]$ 

Ẹrọ naa ni wiwo foju kan nikan - tap95d96a75-a0:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 

Ni wiwo yii n wo inu afara linux:

[heat-admin@overcloud-novacompute-0 ~]$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242904c92a8       no
qbr5bd37136-47          8000.5e4e05841423       no              qvb5bd37136-47
                                                        tap5bd37136-47
qbr95d96a75-a0          8000.de076cb850f6       no              qvb95d96a75-a0
                                                        tap95d96a75-a0
[heat-admin@overcloud-novacompute-0 ~]$ 

Bi o ti le rii lati inu abajade, awọn atọkun meji nikan ni o wa ninu afara - tap95d96a75-a0 ati qvb95d96a75-a0.

Nibi o tọ lati gbe diẹ lori awọn oriṣi awọn ẹrọ nẹtiwọọki foju ni OpenStack:
vtap - wiwo foju ti a so mọ apẹẹrẹ (VM)
qbr - Linux Afara
qvb ati qvo - bata vEth ti o sopọ si afara Linux ati Ṣii vSwitch Afara
br-int, br-tun, br-vlan - Ṣii awọn afara vSwitch
patch-, int-br-, phy-br- - Ṣii awọn atọkun abulẹ vSwitch sisopọ awọn afara
qg, qr, ha, fg, sg - Ṣii awọn ebute oko oju omi vSwitch ti awọn ẹrọ foju lo lati sopọ si OVS

Bi o ṣe ye ọ, ti a ba ni ibudo qvb95d96a75-a0 ninu afara, eyiti o jẹ bata vEth, lẹhinna ibikan ni ẹlẹgbẹ rẹ wa, eyiti o yẹ ki a pe ni qvo95d96a75-a0. Jẹ ki a wo kini awọn ebute oko oju omi wa lori OVS.

[heat-admin@overcloud-novacompute-0 ~]$ sudo sudo ovs-appctl dpif/show
system@ovs-system: hit:526 missed:91
  br-ex:
    br-ex 65534/1: (internal)
    phy-br-ex 1/none: (patch: peer=int-br-ex)
  br-int:
    br-int 65534/2: (internal)
    int-br-ex 1/none: (patch: peer=phy-br-ex)
    patch-tun 2/none: (patch: peer=patch-int)
    qvo5bd37136-47 6/6: (system)
    qvo95d96a75-a0 3/5: (system)
  br-tun:
    br-tun 65534/3: (internal)
    patch-int 1/none: (patch: peer=patch-tun)
    vxlan-c0a8ff0f 3/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.15)
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$ 

Bi a ti le ri, awọn ibudo ni br-int. Br-int n ṣiṣẹ bi iyipada ti o fopin si awọn ibudo ẹrọ foju. Ni afikun si qvo95d96a75-a0, ibudo qvo5bd37136-47 han ninu iṣelọpọ. Eleyi jẹ awọn ibudo si awọn keji foju ẹrọ. Bi abajade, aworan atọka wa bayi dabi eyi:

Ibeere kan ti o yẹ ki o nifẹ si oluka ifarabalẹ lẹsẹkẹsẹ - kini afara Linux laarin ibudo ẹrọ foju ati ibudo OVS? Otitọ ni pe lati daabobo ẹrọ naa, awọn ẹgbẹ aabo ni a lo, eyiti kii ṣe nkan diẹ sii ju awọn iptables. OVS ko ṣiṣẹ pẹlu awọn iptables, nitorinaa “crutch” yii ni a ṣẹda. Sibẹsibẹ, o ti di atijo - o ti wa ni rọpo nipasẹ contrack ni titun awọn idasilẹ.

Iyẹn ni, nikẹhin eto naa dabi eyi:

Awọn ẹrọ meji lori hypervisor kan lori nẹtiwọki L2 kan

Niwọn igba ti awọn VM meji wọnyi wa lori nẹtiwọọki L2 kanna ati lori hypervisor kanna, ijabọ laarin wọn yoo ṣan ni otitọ ni agbegbe nipasẹ br-int, nitori awọn ẹrọ mejeeji yoo wa lori VLAN kanna:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000003
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap5bd37136-47 bridge     qbr5bd37136-47 virtio      fa:16:3e:83:ad:a4

[heat-admin@overcloud-novacompute-0 ~]$ 
[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int 
 port  VLAN  MAC                Age
    6     1  fa:16:3e:83:ad:a4    0
    3     1  fa:16:3e:44:98:20    0
[heat-admin@overcloud-novacompute-0 ~]$ 

Awọn ẹrọ meji lori awọn hypervisors oriṣiriṣi lori nẹtiwọọki L2 kanna

Bayi jẹ ki a wo bii ijabọ yoo lọ laarin awọn ẹrọ meji lori nẹtiwọọki L2 kanna, ṣugbọn ti o wa lori awọn hypervisors oriṣiriṣi. Lati so ooto, ko si ohun ti yoo yi Elo, o kan ijabọ laarin hypervisors yoo lọ nipasẹ vxlan eefin. Jẹ́ ká wo àpẹẹrẹ kan.

Awọn adirẹsi ti awọn ẹrọ foju laarin eyiti a yoo wo ijabọ:

[heat-admin@overcloud-novacompute-0 ~]$ sudo virsh domiflist instance-00000001
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap95d96a75-a0 bridge     qbr95d96a75-a0 virtio      fa:16:3e:44:98:20

[heat-admin@overcloud-novacompute-0 ~]$ 

[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000002
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tape7e23f1b-07 bridge     qbre7e23f1b-07 virtio      fa:16:3e:72:ad:53

[heat-admin@overcloud-novacompute-1 ~]$ 

A wo tabili ifiranšẹ siwaju ni br-int lori compute-0:

[heat-admin@overcloud-novacompute-0 ~]$  sudo ovs-appctl fdb/show br-int | grep fa:16:3e:72:ad:53
    2     1  fa:16:3e:72:ad:53    1
[heat-admin@overcloud-novacompute-0 ~]

Ijabọ yẹ ki o lọ si ibudo 2 - jẹ ki a wo iru ibudo ti o jẹ:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
 LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$

Eyi jẹ patch-tun - iyẹn ni, wiwo ni br-tun. Jẹ ki a wo ohun ti o ṣẹlẹ si package lori br-tun:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:72:ad:53
 cookie=0x8759a56536b67a8e, duration=1387.959s, table=20, n_packets=1460, n_bytes=138880, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:72:ad:53 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-novacompute-0 ~]$ 

Awọn apo-iwe ti wa ni akopọ ni VxLAN ati firanṣẹ si ibudo 2. Jẹ ki a wo ibiti ibudo 2 ṣe itọsọna:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-tun | grep addr   
 1(patch-int): addr:b2:d1:f8:21:96:66
 2(vxlan-c0a8ff1a): addr:be:64:1f:75:78:a7
 3(vxlan-c0a8ff0f): addr:76:6f:b9:3c:3f:1c
 LOCAL(br-tun): addr:a2:5b:6d:4f:94:47
[heat-admin@overcloud-novacompute-0 ~]$

Eyi jẹ oju eefin vxlan lori iṣiro-1:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl dpif/show | egrep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/4: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.19, remote_ip=192.168.255.26)
[heat-admin@overcloud-novacompute-0 ~]$

Jẹ ki a lọ si iṣiro-1 ki o wo ohun ti o ṣẹlẹ nigbamii pẹlu package:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:44:98:20
    2     1  fa:16:3e:44:98:20    1
[heat-admin@overcloud-novacompute-1 ~]$ 

Mac wa ninu tabili fifiranṣẹ br-int lori iṣiro-1, ati bi a ṣe le rii lati inu iṣẹjade loke, o han nipasẹ ibudo 2, eyiti o jẹ ibudo si ọna br-tun:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr   
 1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
 2(patch-tun): addr:46:cc:40:bd:20:da
 3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
 4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
 LOCAL(br-int): addr:e2:27:b2:ed:14:46

O dara, lẹhinna a rii pe ni br-int lori compute-1 nibẹ ni ibi-ajo poppy kan:

[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:72:ad:53
    3     1  fa:16:3e:72:ad:53    0
[heat-admin@overcloud-novacompute-1 ~]$ 

Iyẹn ni, apo-iwe ti o gba yoo fo si ibudo 3, lẹhin eyiti o wa tẹlẹ apẹẹrẹ ẹrọ foju kan-00000003.

Ẹwa ti ṣiṣiṣẹ Opentack fun kikọ lori awọn amayederun foju ni pe a le ni irọrun mu ijabọ laarin awọn hypervisors ki o wo ohun ti n ṣẹlẹ pẹlu rẹ. Eyi ni ohun ti a yoo ṣe ni bayi, ṣiṣe tcpdump lori ibudo vnet si ọna iṣiro-0:

[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet3
tcpdump: listening on vnet3, link-type EN10MB (Ethernet), capture size 262144 bytes

*****************omitted*******************

04:39:04.583459 IP (tos 0x0, ttl 64, id 16868, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.19.39096 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 8012, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.1.88: ICMP echo request, id 5634, seq 16, length 64
04:39:04.584449 IP (tos 0x0, ttl 64, id 35181, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.26.speedtrace-disc > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 59124, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.88 > 10.0.1.85: ICMP echo reply, id 5634, seq 16, length 64
	
*****************omitted*******************

Laini akọkọ fihan pe Patek lati adirẹsi 10.0.1.85 lọ si adirẹsi 10.0.1.88 (ijabọ ICMP), ati pe o we sinu apo VxLAN kan pẹlu vni 22 ati apo-iwe naa lọ lati agbalejo 192.168.255.19 (iṣiro-0) lati gbalejo 192.168.255.26 .1 ( oniṣiro-XNUMX). A le ṣayẹwo pe VNI ibaamu ọkan pato ninu ovs.

Jẹ ki a pada si awọn iṣẹ laini yii=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],jade:2. 0x16 jẹ vni ni eto nọmba hexadecimal. Jẹ ki a yi nọmba yii pada si eto 16th:

16 = 6*16^0+1*16^1 = 6+16 = 22

Iyẹn ni, vni ni ibamu si otito.

Laini keji fihan ijabọ ipadabọ, daradara, ko si aaye lati ṣalaye rẹ, ohun gbogbo han gbangba nibẹ.

Awọn ẹrọ meji lori awọn nẹtiwọọki oriṣiriṣi (itọpa ọna nẹtiwọọki)

Ẹjọ ti o kẹhin fun oni ni lilọ laarin awọn nẹtiwọọki laarin iṣẹ akanṣe kan nipa lilo olulana foju kan. A n gbero ọran kan laisi DVR (a yoo wo rẹ ni nkan miiran), nitorinaa ipa ọna waye lori ipade nẹtiwọki. Ninu ọran wa, ipade nẹtiwọki ko ni gbe sinu nkan ti o yatọ ati pe o wa lori ipade iṣakoso.

Ni akọkọ, jẹ ki a rii pe ipa-ọna ṣiṣẹ:

$ ping 10.0.2.8
PING 10.0.2.8 (10.0.2.8): 56 data bytes
64 bytes from 10.0.2.8: seq=0 ttl=63 time=7.727 ms
64 bytes from 10.0.2.8: seq=1 ttl=63 time=3.832 ms
^C
--- 10.0.2.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.832/5.779/7.727 ms

Niwọn igba ti apo-iwe naa gbọdọ lọ si ẹnu-ọna ati ki o wa ni ipadabọ sibẹ, a nilo lati wa adirẹsi poppy ti ẹnu-ọna, eyiti a wo tabili ARP ni apẹẹrẹ:

$ arp
host-10-0-1-254.openstacklocal (10.0.1.254) at fa:16:3e:c4:64:70 [ether]  on eth0
host-10-0-1-1.openstacklocal (10.0.1.1) at fa:16:3e:e6:2c:5c [ether]  on eth0
host-10-0-1-90.openstacklocal (10.0.1.90) at fa:16:3e:83:ad:a4 [ether]  on eth0
host-10-0-1-88.openstacklocal (10.0.1.88) at fa:16:3e:72:ad:53 [ether]  on eth0

Bayi jẹ ki a wo ibi ti ijabọ pẹlu opin irin ajo (10.0.1.254) fa:16:3e:c4:64:70 yẹ ki o firanṣẹ:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-appctl fdb/show br-int | egrep fa:16:3e:c4:64:70
    2     1  fa:16:3e:c4:64:70    0
[heat-admin@overcloud-novacompute-0 ~]$ 

Jẹ ki a wo ibiti ibudo 2 ṣe itọsọna:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:7e:7f:28:1f:bd:54
 2(patch-tun): addr:0a:bd:07:69:58:d9
 3(qvo95d96a75-a0): addr:ea:50:9a:3d:69:58
 6(qvo5bd37136-47): addr:9a:d1:03:50:3d:96
 LOCAL(br-int): addr:1a:0f:53:97:b1:49
[heat-admin@overcloud-novacompute-0 ~]$ 

Ohun gbogbo jẹ ọgbọn, ijabọ lọ si br-tun. Jẹ ki a wo oju eefin vxlan wo ni yoo we si:

[heat-admin@overcloud-novacompute-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:c4:64:70
 cookie=0x8759a56536b67a8e, duration=3514.566s, table=20, n_packets=3368, n_bytes=317072, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:c4:64:70 actions=load:0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],output:3
[heat-admin@overcloud-novacompute-0 ~]$ 

Ibudo kẹta jẹ eefin vxlan:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
 LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ 

Ewo ni oju ipade iṣakoso:

[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 

Awọn ijabọ ti de ibi ipade iṣakoso, nitorinaa a nilo lati lọ sibẹ ki a wo bii ipa-ọna yoo ṣẹlẹ.

Bi o ṣe ranti, oju-ọna iṣakoso inu wo deede kanna bi ipade iṣiro - awọn afara mẹta kanna, br-ex nikan ni ibudo ti ara nipasẹ eyiti ipade le fi ijabọ ranṣẹ si ita. Awọn ẹda ti awọn iṣẹlẹ yipada iṣeto ni awọn apa oniṣiro - afara Linux, awọn iptables ati awọn atọkun ni a ṣafikun si awọn apa. Ṣiṣẹda awọn nẹtiwọọki ati olulana foju tun fi ami rẹ silẹ lori iṣeto ni ipade iṣakoso.

Nitorinaa, o han gbangba pe adiresi MAC ẹnu-ọna gbọdọ wa ni tabili fifiranṣẹ br-int lori ipade iṣakoso. Jẹ ki a ṣayẹwo pe o wa nibẹ ati ibi ti o n wa:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:c4:64:70
    5     1  fa:16:3e:c4:64:70    1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$  sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:2e:58:b6:db:d5:de
 2(patch-tun): addr:06:41:90:f0:9e:56
 3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
 4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
 5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
 6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
 LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ 

Mac naa han lati ibudo qr-0c52b15f-8f. Ti a ba pada si atokọ ti awọn ebute oko oju omi ni Openstack, iru ibudo yii ni a lo lati so awọn ẹrọ foju pupọ pọ si OVS. Lati jẹ kongẹ diẹ sii, qr jẹ ibudo kan si olulana foju, eyiti o jẹ aṣoju bi aaye orukọ kan.

Jẹ ki a wo kini awọn aaye orukọ wa lori olupin naa:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ 

Bi awọn ẹda mẹta. Ṣugbọn idajọ nipa awọn orukọ, o le gboju le won idi ti kọọkan ti wọn. A yoo pada si awọn apẹẹrẹ pẹlu ID 0 ati 1 nigbamii, ni bayi a nifẹ si aaye orukọ qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ip route
10.0.1.0/24 dev qr-0c52b15f-8f proto kernel scope link src 10.0.1.254 
10.0.2.0/24 dev qr-92fa49b5-54 proto kernel scope link src 10.0.2.254 
[heat-admin@overcloud-controller-0 ~]$ 

Aaye orukọ yii ni awọn inu inu meji ti a ṣẹda tẹlẹ. Mejeeji foju ebute oko ti a ti fi kun si br-int. Jẹ ki a ṣayẹwo adirẹsi mac ti ibudo qr-0c52b15f-8f, niwọn igba ti ijabọ naa, ni idajọ nipasẹ adirẹsi mac ti nlo, lọ si wiwo yii.

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe ifconfig qr-0c52b15f-8f
qr-0c52b15f-8f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.254  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:fec4:6470  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:c4:64:70  txqueuelen 1000  (Ethernet)
        RX packets 5356  bytes 427305 (417.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5195  bytes 490603 (479.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[heat-admin@overcloud-controller-0 ~]$ 

Iyẹn ni, ninu ọran yii, ohun gbogbo ṣiṣẹ ni ibamu si awọn ofin ti ipa ọna boṣewa. Niwọn bi a ti pinnu ijabọ naa fun agbalejo 10.0.2.8, o gbọdọ jade nipasẹ wiwo keji qr-92fa49b5-54 ki o lọ nipasẹ oju eefin vxlan si ipade iṣiro:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns exec qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe arp
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.1.88                ether   fa:16:3e:72:ad:53   C                     qr-0c52b15f-8f
10.0.1.90                ether   fa:16:3e:83:ad:a4   C                     qr-0c52b15f-8f
10.0.2.8                 ether   fa:16:3e:6c:ad:9c   C                     qr-92fa49b5-54
10.0.2.42                ether   fa:16:3e:f5:0b:29   C                     qr-92fa49b5-54
10.0.1.85                ether   fa:16:3e:44:98:20   C                     qr-0c52b15f-8f
[heat-admin@overcloud-controller-0 ~]$ 

Ohun gbogbo jẹ ọgbọn, ko si iyanilẹnu. Jẹ ki a wo ibi ti adirẹsi poppy ti ogun 10.0.2.8 ti han ni br-int:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
    2     2  fa:16:3e:6c:ad:9c    1
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-int | grep addr
 1(int-br-ex): addr:2e:58:b6:db:d5:de
 2(patch-tun): addr:06:41:90:f0:9e:56
 3(tapca25a97e-64): addr:fa:16:3e:e6:2c:5c
 4(tap22015e46-0b): addr:fa:16:3e:76:c2:11
 5(qr-0c52b15f-8f): addr:fa:16:3e:c4:64:70
 6(qr-92fa49b5-54): addr:fa:16:3e:80:13:72
 LOCAL(br-int): addr:06:de:5d:ed:44:44
[heat-admin@overcloud-controller-0 ~]$ 

Gẹgẹbi a ti ṣe yẹ, ijabọ lọ si br-tun, jẹ ki a wo oju eefin ti ijabọ naa lọ si atẹle:

[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl dump-flows br-tun | grep fa:16:3e:6c:ad:9c
 cookie=0x2ab04bf27114410e, duration=5346.829s, table=20, n_packets=5248, n_bytes=498512, hard_timeout=300, idle_age=0, hard_age=0, priority=1,vlan_tci=0x0002/0x0fff,dl_dst=fa:16:3e:6c:ad:9c actions=load:0->NXM_OF_VLAN_TCI[],load:0x63->NXM_NX_TUN_ID[],output:2
[heat-admin@overcloud-controller-0 ~]$
[heat-admin@overcloud-controller-0 ~]$ sudo ovs-ofctl show br-tun | grep addr
 1(patch-int): addr:a2:69:00:c5:fa:ba
 2(vxlan-c0a8ff1a): addr:86:f0:ce:d0:e8:ea
 3(vxlan-c0a8ff13): addr:72:aa:73:2c:2e:5b
 LOCAL(br-tun): addr:a6:cb:cd:72:1c:45
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 

Ijabọ lọ sinu eefin lati ṣe iṣiro-1. O dara, lori iṣiro-1 ohun gbogbo rọrun - lati br-tun package naa lọ si br-int ati lati ibẹ si wiwo ẹrọ foju:

[heat-admin@overcloud-controller-0 ~]$ sudo sudo ovs-appctl dpif/show | grep vxlan-c0a8ff1a
    vxlan-c0a8ff1a 2/5: (vxlan: egress_pkt_mark=0, key=flow, local_ip=192.168.255.15, remote_ip=192.168.255.26)
[heat-admin@overcloud-controller-0 ~]$ 
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-appctl fdb/show br-int | grep fa:16:3e:6c:ad:9c
    4     2  fa:16:3e:6c:ad:9c    1
[heat-admin@overcloud-novacompute-1 ~]$ sudo ovs-ofctl show br-int | grep addr                  
 1(int-br-ex): addr:8a:d7:f9:ad:8c:1d
 2(patch-tun): addr:46:cc:40:bd:20:da
 3(qvoe7e23f1b-07): addr:12:78:2e:34:6a:c7
 4(qvo3210e8ec-c0): addr:7a:5f:59:75:40:85
 LOCAL(br-int): addr:e2:27:b2:ed:14:46
[heat-admin@overcloud-novacompute-1 ~]$ 

Jẹ ki a ṣayẹwo pe nitootọ eyi ni wiwo ti o pe:

[heat-admin@overcloud-novacompute-1 ~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02429c001e1c       no
qbr3210e8ec-c0          8000.ea27f45358be       no              qvb3210e8ec-c0
                                                        tap3210e8ec-c0
qbre7e23f1b-07          8000.b26ac0eded8a       no              qvbe7e23f1b-07
                                                        tape7e23f1b-07
[heat-admin@overcloud-novacompute-1 ~]$ 
[heat-admin@overcloud-novacompute-1 ~]$ sudo virsh domiflist instance-00000004
Interface  Type       Source     Model       MAC
-------------------------------------------------------
tap3210e8ec-c0 bridge     qbr3210e8ec-c0 virtio      fa:16:3e:6c:ad:9c

[heat-admin@overcloud-novacompute-1 ~]$

Lootọ, a lọ ni gbogbo ọna nipasẹ package. Mo ro pe o woye wipe awọn ijabọ lọ nipasẹ o yatọ si vxlan tunnels ati exited pẹlu o yatọ si VNIs. Jẹ ki a wo iru VNI ti awọn wọnyi jẹ, lẹhin eyi a yoo gba idalẹnu kan lori ibudo iṣakoso ti oju ipade naa ki o rii daju pe awọn ṣiṣan nṣan ni deede bi a ti salaye loke.
Nitorina, oju eefin lati ṣe iṣiro-0 ni awọn iṣe wọnyi = fifuye: 0->NXM_OF_VLAN_TCI[],load:0x16->NXM_NX_TUN_ID[],jade:3. Jẹ ki a yipada 0x16 si eto nọmba eleemewa:

0x16 = 6*16^0+1*16^1 = 6+16 = 22

Oju eefin lati ṣe iṣiro-1 ni VNI wọnyi: awọn iṣẹ = fifuye: 0->NXM_OF_VLAN_TCI[], fifuye: 0x63->NXM_NX_TUN_ID[],jade:2. Jẹ ki a yipada 0x63 si eto nọmba eleemewa:

0x63 = 3*16^0+6*16^1 = 3+96 = 99

O dara, ni bayi jẹ ki a wo idalẹnu naa:

[root@hp-gen9 bormoglotx]# tcpdump -vvv -i vnet4 
tcpdump: listening on vnet4, link-type EN10MB (Ethernet), capture size 262144 bytes

*****************omitted*******************

04:35:18.709949 IP (tos 0x0, ttl 64, id 48650, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.19.41591 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 64, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.710159 IP (tos 0x0, ttl 64, id 23360, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.15.38983 > 192.168.255.26.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 63, id 49042, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.1.85 > 10.0.2.8: ICMP echo request, id 5378, seq 9, length 64
04:35:18.711292 IP (tos 0x0, ttl 64, id 43596, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.26.42588 > 192.168.255.15.4789: [no cksum] VXLAN, flags [I] (0x08), vni 99
IP (tos 0x0, ttl 64, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
04:35:18.711531 IP (tos 0x0, ttl 64, id 8555, offset 0, flags [DF], proto UDP (17), length 134)
    192.168.255.15.38983 > 192.168.255.19.4789: [no cksum] VXLAN, flags [I] (0x08), vni 22
IP (tos 0x0, ttl 63, id 55103, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.2.8 > 10.0.1.85: ICMP echo reply, id 5378, seq 9, length 64
	
*****************omitted*******************

Ni igba akọkọ ti soso ni a vxlan soso lati ogun 192.168.255.19 (compute-0) lati gbalejo 192.168.255.15 (Iṣakoso-1) pẹlu vni 22, inu eyi ti ohun ICMP soso ti wa ni dipo lati ogun 10.0.1.85 lati gbalejo 10.0.2.8. Gẹgẹbi a ti ṣe iṣiro loke, vni baamu ohun ti a rii ninu iṣelọpọ.

Awọn keji soso ni a vxlan soso lati ogun 192.168.255.15 (control-1) lati gbalejo 192.168.255.26 (isiro-1) pẹlu vni 99, inu eyi ti ohun ICMP soso ti wa ni dipo lati ogun 10.0.1.85 lati gbalejo 10.0.2.8. Gẹgẹbi a ti ṣe iṣiro loke, vni baamu ohun ti a rii ninu iṣelọpọ.

Awọn apo-iwe meji ti o tẹle jẹ ijabọ ipadabọ lati 10.0.2.8 kii ṣe 10.0.1.85.

Iyẹn ni, ni ipari a ni ero ipade iṣakoso atẹle:

Ṣe o dabi iyẹn? A gbagbe nipa awọn aaye orukọ meji:

[heat-admin@overcloud-controller-0 ~]$ sudo  ip netns
qrouter-0a4d2420-4b9c-46bd-aec1-86a1ef299abe (id: 2)
qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 (id: 1)
qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 (id: 0)
[heat-admin@overcloud-controller-0 ~]$ 

Bi a ti sọrọ nipa faaji ti Syeed awọsanma, yoo dara ti awọn ẹrọ ba gba awọn adirẹsi laifọwọyi lati olupin DHCP kan. Iwọnyi jẹ awọn olupin DHCP meji fun awọn nẹtiwọọki meji wa 10.0.1.0/24 ati 10.0.2.0/24.

Jẹ ki a ṣayẹwo pe eyi jẹ otitọ. Adirẹsi kan ṣoṣo ni o wa ni aaye orukọ yii - 10.0.1.1 - adirẹsi olupin DHCP funrararẹ, ati pe o tun wa ninu br-int:

[heat-admin@overcloud-controller-0 ~]$ sudo ip netns exec qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1  bytes 28 (28.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 28 (28.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tapca25a97e-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.1  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:fee6:2c5c  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:e6:2c:5c  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 9372 (9.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49  bytes 6154 (6.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Jẹ ki a rii boya awọn ilana ti o ni qdhcp-67a3798c-32c0-4c18-8502-2531247e3cc2 ni orukọ wọn lori ipade iṣakoso:

[heat-admin@overcloud-controller-0 ~]$ ps -aux | egrep qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 
root      640420  0.0  0.0   4220   348 ?        Ss   11:31   0:00 dumb-init --single-child -- ip netns exec qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638 /usr/sbin/dnsmasq -k --no-hosts --no-resolv --pid-file=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/host --addn-hosts=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/opts --dhcp-leasefile=/var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases --dhcp-match=set:ipxe,175 --local-service --bind-dynamic --dhcp-range=set:subnet-335552dd-b35b-456b-9df0-5aac36a3ca13,10.0.2.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
heat-ad+  951620  0.0  0.0 112944   980 pts/0    S+   18:50   0:00 grep -E --color=auto qdhcp-7d541e74-1c36-4e1d-a7c4-0968c8dbc638
[heat-admin@overcloud-controller-0 ~]$ 

Iru ilana kan wa ati ti o da lori alaye ti a gbekalẹ ninu iṣelọpọ loke, a le, fun apẹẹrẹ, wo ohun ti a ni lọwọlọwọ fun iyalo:

[heat-admin@overcloud-controller-0 ~]$ cat /var/lib/neutron/dhcp/7d541e74-1c36-4e1d-a7c4-0968c8dbc638/leases
1597492111 fa:16:3e:6c:ad:9c 10.0.2.8 host-10-0-2-8 01:fa:16:3e:6c:ad:9c
1597491115 fa:16:3e:76:c2:11 10.0.2.1 host-10-0-2-1 *
[heat-admin@overcloud-controller-0 ~]$

Bi abajade, a gba eto awọn iṣẹ wọnyi lori ipade iṣakoso:

O dara, ni lokan - eyi jẹ awọn ẹrọ 4 nikan, awọn nẹtiwọọki inu 2 ati olulana foju kan… A ko ni awọn nẹtiwọọki ita nibi ni bayi, opo ti awọn iṣẹ akanṣe oriṣiriṣi, ọkọọkan pẹlu awọn nẹtiwọọki ti ara wọn (fifun), ati pe a ni. olulana ti a ti pin ni pipa, ati ni ipari Lẹhin gbogbo ẹ, oju ipade iṣakoso kan nikan ni o wa ninu ibujoko idanwo (fun ifarada aṣiṣe gbọdọ jẹ iyewo ti awọn apa mẹta). O jẹ ọgbọn pe ni iṣowo ohun gbogbo jẹ “diẹ diẹ” diẹ sii idiju, ṣugbọn ninu apẹẹrẹ ti o rọrun yii a loye bi o ṣe yẹ ki o ṣiṣẹ - boya o ni awọn aaye orukọ 3 tabi 300 jẹ eyiti o ṣe pataki, ṣugbọn lati oju wiwo ti iṣiṣẹ ti gbogbo eto, ko si ohun ti yoo yi Elo ... biotilejepe o yoo ko pulọọgi ni diẹ ninu awọn SDN ataja. Ṣugbọn iyẹn jẹ itan ti o yatọ patapata.

Mo lero o je awon. Ti o ba ni awọn asọye eyikeyi / awọn afikun, tabi ibikan ni Mo parọ patapata (Emi ni eniyan ati pe ero mi yoo jẹ koko-ọrọ nigbagbogbo) - kọ ohun ti o nilo lati ṣe atunṣe / ṣafikun - a yoo ṣe atunṣe / ṣafikun ohun gbogbo.

Ni ipari, Emi yoo fẹ lati sọ awọn ọrọ diẹ nipa ifiwera Openstack (mejeeji fanila ati ataja) pẹlu ojutu awọsanma lati VMWare - Mo ti beere ibeere yii nigbagbogbo ni awọn ọdun meji sẹhin ati, ni otitọ, Mo jẹ tẹlẹ bani o ti o, sugbon si tun. Ni ero mi, o nira pupọ lati ṣe afiwe awọn ojutu meji wọnyi, ṣugbọn a le sọ dajudaju pe awọn aila-nfani wa ninu awọn solusan mejeeji ati nigbati o yan ojutu kan o nilo lati ṣe iwọn awọn anfani ati awọn konsi.

Ti OpenStack ba jẹ ojuutu ti agbegbe, lẹhinna VMWare ni ẹtọ lati ṣe ohun ti o fẹ nikan (ka - kini ere fun u) ati pe eyi jẹ ọgbọn - nitori pe o jẹ ile-iṣẹ iṣowo ti o lo lati ṣe owo lati ọdọ awọn alabara rẹ. Ṣugbọn nla kan ati ọra wa SUGBON - o le lọ kuro ni OpenStack, fun apẹẹrẹ lati Nokia, ati pẹlu iyipada inawo kekere si ojutu kan lati, fun apẹẹrẹ, Juniper (Awọsanma Contrail), ṣugbọn o ko ṣeeṣe lati ni anfani lati lọ kuro ni VMWare. . Fun mi, awọn solusan meji wọnyi dabi eyi - Openstack (olutaja) jẹ ẹyẹ ti o rọrun ninu eyiti o fi sii, ṣugbọn o ni bọtini kan ati pe o le lọ kuro nigbakugba. VMWare jẹ ẹyẹ goolu kan, oniwun ni bọtini si agọ ẹyẹ ati pe yoo jẹ ọ lọpọlọpọ.

Emi ko ṣe igbega boya ọja akọkọ tabi keji - o yan ohun ti o nilo. Ṣugbọn ti MO ba ni iru yiyan, Emi yoo yan awọn solusan mejeeji - VMWare fun awọsanma IT (awọn ẹru kekere, iṣakoso irọrun), OpenStack lati ọdọ awọn olutaja kan (Nokia ati Juniper pese awọn solusan turnkey ti o dara pupọ) - fun awọsanma Telecom. Emi kii yoo lo Openstack fun IT mimọ - o dabi titu ologoṣẹ pẹlu ibọn kan, ṣugbọn Emi ko rii eyikeyi awọn ilodisi si lilo rẹ yatọ si apọju. Bibẹẹkọ, lilo VMWare ni tẹlifoonu dabi gbigbe okuta ti a fọ ​​ni Ford Raptor - o lẹwa lati ita, ṣugbọn awakọ ni lati ṣe irin-ajo 10 dipo ọkan.

Ni ero mi, aila-nfani nla julọ ti VMWare ni pipade pipe rẹ - ile-iṣẹ kii yoo fun ọ ni alaye eyikeyi nipa bii o ṣe n ṣiṣẹ, fun apẹẹrẹ, vSAN tabi kini o wa ninu ekuro hypervisor - kii ṣe ni ere fun u - iyẹn ni, iwọ yoo Maṣe di alamọja ni VMWare - laisi atilẹyin ataja, o jẹ iparun (nigbagbogbo Mo pade awọn amoye VMWare ti o ni iyalẹnu nipasẹ awọn ibeere kekere). Fun mi, VMWare n ra ọkọ ayọkẹlẹ kan pẹlu titiipa hood - bẹẹni, o le ni awọn alamọja ti o le yi igbanu akoko pada, ṣugbọn ẹniti o ta ọ ni ojutu yii nikan le ṣii hood naa. Tikalararẹ, Emi ko fẹran awọn solusan ti Emi ko le baamu. Iwọ yoo sọ pe o le ma ni lati lọ labẹ iho. Bẹẹni, eyi ṣee ṣe, ṣugbọn Emi yoo wo ọ nigbati o nilo lati pejọ iṣẹ nla kan ninu awọsanma lati awọn ẹrọ foju 20-30, awọn nẹtiwọki 40-50, idaji eyiti o fẹ lati lọ si ita, ati idaji keji beere fun SR-IOV isare, bibẹẹkọ iwọ yoo nilo diẹ sii mejila mejila ti awọn ọkọ ayọkẹlẹ wọnyi - bibẹẹkọ iṣẹ naa kii yoo to.

Awọn oju wiwo miiran wa, nitorinaa iwọ nikan ni o le pinnu kini lati yan ati, julọ ṣe pataki, iwọ yoo jẹ iduro fun yiyan rẹ. Eyi jẹ ero mi nikan - eniyan ti o ti rii ati fi ọwọ kan o kere ju awọn ọja mẹrin mẹrin - Nokia, Juniper, Hat Red ati VMWare. Iyẹn ni, Mo ni nkankan lati ṣe afiwe pẹlu.

orisun: www.habr.com